Analysis

  • max time kernel
    91s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08/09/2024, 23:00

General

  • Target

    jyzm-v0.9beta.exe

  • Size

    1.7MB

  • MD5

    0cac53381486d8fadede4fc5efc0f528

  • SHA1

    849bde62c51540ce65325c398c5441bc21c75841

  • SHA256

    bb96fd450a39abac4729438e5d3381fc497b812fb673cc74512a051409138a0f

  • SHA512

    ac52b290228fbf06c43fba22fa2d8e7e12be93591261b8ae9572e710d0aa61a9505edcc021dd2b9de1dec17e1d558cd80cb84ec12fe16368b17015d71b972553

  • SSDEEP

    49152:THbm/hpuUOQj9/sgfDQNQKbt3nrDUx8UBtNWPWS:7bm/hpwHiDQN93rG8U7NWeS

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\jyzm-v0.9beta.exe
    "C:\Users\Admin\AppData\Local\Temp\jyzm-v0.9beta.exe"
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:1928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsh509E.tmp\FindProcDLL.dll

    Filesize

    31KB

    MD5

    83cd62eab980e3d64c131799608c8371

    SHA1

    5b57a6842a154997e31fab573c5754b358f5dd1c

    SHA256

    a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

    SHA512

    91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

  • C:\Users\Admin\AppData\Local\Temp\nsh509E.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    0dc0cc7a6d9db685bf05a7e5f3ea4781

    SHA1

    5d8b6268eeec9d8d904bc9d988a4b588b392213f

    SHA256

    8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    SHA512

    814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

  • C:\Users\Admin\AppData\Local\Temp\nsh509E.tmp\ioSpecial.ini

    Filesize

    607B

    MD5

    0ef41e1af031b9059ad884d760556434

    SHA1

    a6c140d29a9360bce8d29aa4f24c3998b660ded6

    SHA256

    4eac7349499749fb1353b70e6f2831187dd0b11ce18c072e4fe83cf26bbdb81b

    SHA512

    51ddd980971f17b021d7171e78b506f273b9db846425bcc51c4e874b04d02474379b0fa44fc7daa935111b61c25386a4f88735599b4311a78d6f1b5c47add1b7

  • C:\Users\Admin\AppData\Local\Temp\nsh509E.tmp\ioSpecial.ini

    Filesize

    646B

    MD5

    0587855c7c79cc248c5bdc1ff9921809

    SHA1

    66ce1271e220603e3da088f2571347bda06f599b

    SHA256

    0cb740247268cf9c73463213c3d6648c842f1e19df53269621132e1b50fd8f5c

    SHA512

    6d21ecbe548b31f63962a9a175b3bbfa2efe076c2383a47fc6dc41cf01614a41a87bf800abf7baab30bec9075759f36db1d1484bbee86addafbc426a935cc750