Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

sticking-o...er.mp3

windows7-x64

1

sticking-o...er.mp3

windows10-2004-x64

6

Resubmissions

02/09/2024, 19:47

240902-yhtwnawbqm 8

02/09/2024, 19:44

240902-yf71haxbmd 6

02/09/2024, 16:42

240902-t7z2ravemf 6

02/09/2024, 04:27

240902-e28pda1gjm 6

02/09/2024, 04:25

240902-e2agks1fqp 6

02/09/2024, 04:23

240902-ez6f8ssepa 6

02/09/2024, 04:20

240902-eydd3asela 6

24/08/2024, 02:54

240824-dd53xashql 10

Analysis

  • max time kernel
    1772s
  • max time network
    1155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/09/2024, 04:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sticking-out-your-gyatt-for-the-rizzler.mp3

  • Size

    175KB

  • MD5

    27b535b4401ff51e152ef5f6fdaa2b5c

  • SHA1

    eec3bba56eae9ff73d527c3638f3515d1c60da9b

  • SHA256

    1381fa3fc79389ad8e9c2f4acffda477c4b5c6e45a07fec9de523de30ee9efa8

  • SHA512

    9e322aef6c0c41f16fd0e101b89766032240570addba1a3be77b48207bc60c50a9ec3fbe82da9925d8d878ef111b625e629c05ee3dc23e30df10f8c523c8515e

  • SSDEEP

    3072:nU/Sk+yOMHjhLbJdTJ/ffFFxEuy1hqFXNQlPgoTzS+GpQE4pCUW4hkFTMRsHeV8L:nUK1yTdLbJrXPxEuy1jFJkpaxBV6

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\sticking-out-your-gyatt-for-the-rizzler.mp3"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2444
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4520
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:2988
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:2800
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x308 0x4a4
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    256KB

    MD5

    563088ad0f20fabf9dd62c6ba8ae1636

    SHA1

    f9cd2fd153afa1a12ff990cf27c32b8c9c44e878

    SHA256

    eb897bf202d32f067728f1b666eb16e9926557efa8676b72db11411013030184

    SHA512

    8229dfb1d96b6a34b91b1e5c463833e7859331be880f585c48af1ba0ace0465ac755c7f22a9e6f30284266165f850e8f85af76157eea8136b2d6f79db02d3092

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    49bb37a20017ae1e4f3d1b43fb1c6212

    SHA1

    62aca9ff4b3e7035b187bc12e6140b0e7daf3f34

    SHA256

    54235de33fb8b412e8889865cc279bba257230f9d8284ca6e6a27c59ca44bde1

    SHA512

    0259d2645b6198a5d27a7027049d3b46d19e39ffe6e42f41b8f7edeb2010119258ab604b9a6a0b706a7d9540248fefa3cab1931caec5920b382ead8ae40ab104

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    163bc41e97618ed1c98b48fd1c52b95f

    SHA1

    33b66fb72dff05b5ad9946bd0856a3d834646367

    SHA256

    f3f9aa804164c2795fe7d3f2a0e4dfc860d79d88a3a58ef03e11401f8fca79d3

    SHA512

    7ccad982c97cc4cc05d6d9987d6e9eddcc262b6a1dfc0c5944e3304d6e73d9295398f045100a566977f23968e12b39e0a30c9e9f61748cf54f3ae053460b2b54

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    da81513007d096652908ccb295fe9dd8

    SHA1

    0e75d055c135b62281ffa2e06b611ef275d4f74a

    SHA256

    beb1e53f0ed6cb972387741617970eef1064926e94831f8e48ac4b9b040b87b3

    SHA512

    adce8e6ad24cb94952d1961275860b0e3ba9b42e6a588cab138a84f17f6540b239606264af83a126b3bd4f5a2af648cd467fdf2a78828fa3967f7d248560b9b8

    Download Submit

  • memory/2444-34-0x0000000004940000-0x0000000004950000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-33-0x0000000004940000-0x0000000004950000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-32-0x0000000004940000-0x0000000004950000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-31-0x0000000004940000-0x0000000004950000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-36-0x0000000004940000-0x0000000004950000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-35-0x0000000004940000-0x0000000004950000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-42-0x0000000007740000-0x0000000007750000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-43-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-45-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-46-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-47-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-51-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-50-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-55-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-54-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-53-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-49-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-48-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-57-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-58-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-61-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-62-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-60-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-59-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-64-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-65-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-66-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-67-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-70-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-69-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-71-0x0000000007740000-0x0000000007750000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-68-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-72-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-75-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-74-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-76-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-77-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-78-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-81-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-83-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-82-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-80-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-79-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-85-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-86-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-88-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-90-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-89-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-87-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-92-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-93-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-94-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-95-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-96-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-97-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-98-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-99-0x0000000007740000-0x0000000007750000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-100-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-102-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-103-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-104-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-106-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-105-0x00000000098B0000-0x00000000098C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2444-107-0x00000000098A0000-0x00000000098B0000-memory.dmp

    Filesize

    64KB

    Download