Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

DEUSEXMKD+...NG.exe

windows7-x64

7

DEUSEXMKD+...NG.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/09/2024, 09:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DEUSEXMKD+22Tr-LNG.exe

  • Size

    4.0MB

  • MD5

    d60f09f0dd451feb6dec466e505fc8a2

  • SHA1

    b120849961868983a8d0441579e6bb55856ebbe7

  • SHA256

    9b88f96ff05b00bff38560eb562f2d56254aa85164416a765a0fa1782b979c12

  • SHA512

    72bf9b33d6e3dd1f21dfe66b6c7f65e6cd56f613f11069312185da1a68590de90443c395c3e0ef45868840af79a50a2d07bcd8145c5843931899d8302ba4113b

  • SSDEEP

    49152:ubb/LKDfkvNWpiTOMxoYGQlAkxpP2vrXG6+WZpULn92zFEi2Tnsrc:uCkvLoYGQlAkxpP2vrXG6A92zFL27sw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\DEUSEXMKD+22Tr-LNG.exe
    "C:\Users\Admin\AppData\Local\Temp\DEUSEXMKD+22Tr-LNG.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4360
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x500 0x510
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4092

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    28.118.140.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    28.118.140.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    76.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    76.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.139.73.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.139.73.23.in-addr.arpa
    IN PTR
    Response
    50.139.73.23.in-addr.arpa
    IN PTR
    a23-73-139-50deploystaticakamaitechnologiescom
  • flag-us
    DNS
    81.144.22.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    81.144.22.2.in-addr.arpa
    IN PTR
    Response
    81.144.22.2.in-addr.arpa
    IN PTR
    a2-22-144-81deploystaticakamaitechnologiescom
  • flag-us
    DNS
    29.243.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    29.243.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    67.112.168.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.112.168.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    28.118.140.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    28.118.140.52.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    76.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    76.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    50.139.73.23.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    50.139.73.23.in-addr.arpa

  • 8.8.8.8:53
    81.144.22.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    81.144.22.2.in-addr.arpa

  • 8.8.8.8:53
    29.243.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    29.243.111.52.in-addr.arpa

  • 8.8.8.8:53
    67.112.168.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    67.112.168.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\SkinSoft\VisualStyler\2.3.5.0\x64\ssapihook.dll
    Filesize

    66KB

    MD5

    c74d260d388f5ac3d95d8c1c3a27c989

    SHA1

    5da009086036004a7c670d608d5e1e923aead568

    SHA256

    dc1bebb8ce88d59e4b3130c1ff2c4b7f5df2701c7a71b476b8a6f2ed541db628

    SHA512

    6460db8f73806017d267c0e4e112902956a3bc53853c6a893cff66fe44772305b2c158ef8b58e993806d713aceaddcf2efa7ccf625063678444d3fd20b10546a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Bass.Net.dll
    Filesize

    632KB

    MD5

    ddc305fca2a8d80523ad8bc50996480b

    SHA1

    7bee723b565267aa355ad9f7f5cf17c74f2cce1f

    SHA256

    af9e46b70c7739547739ddfcdd56b7b218b5bda6e14c49bed3bbc08c2b867216

    SHA512

    acf2064d1b59d73cc5086f9a8c26a5e1fb7e7909e5460d3427d7681ee36709a568146000bbea9464fb173df474c58bda4f87bbbb759ea06ed2fd71d3c6bc0eea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Bass.dll
    Filesize

    218KB

    MD5

    82dbc53c4e057ad941eb73aba212956e

    SHA1

    38a582ce5fbe03e8c5f040d82f89b4797e305860

    SHA256

    eda3f66eedc49ff9b9506c1ccf679a7822104c771eaab3afa367f0d6a2c9bbd5

    SHA512

    6f8e9082750c9cc8eb7bcaf7b7442f52ec55e2b712fff29a3a22868218fbfd605b594314e7be2720fd25f5a89d95774481177429de35acb48d023d39a2767781

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp7ED5.tmp
    Filesize

    832KB

    MD5

    6aab5c90d7c703ed4aefd5100c97fd22

    SHA1

    b6bb0a5614da9565d5ef2a5a23aa0aaa5bd5b3f0

    SHA256

    1b796196d9ae7b15507546d53a2b5aeae36e5b80e6291f02317f6fedab18d74a

    SHA512

    6c1c1cc6da08f49d15f6cbbadc81bdfaa4251d9ecc9321e0de474141534b42f2bc4c4ada053ace81e07635478f945d2266466f45f9e55c3c924c974d86c26251

    Download Submit

  • memory/4360-34-0x00007FF889030000-0x00007FF889031000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-37-0x00007FF889050000-0x00007FF889051000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-19-0x000000001F650000-0x000000001F748000-memory.dmp

    Filesize

    992KB

    Download

  • memory/4360-2-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-26-0x00007FF888FD0000-0x00007FF888FD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-27-0x00007FF888FC0000-0x00007FF888FC1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-28-0x00007FF888C70000-0x00007FF888C71000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-29-0x00007FF888FE0000-0x00007FF888FE1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-30-0x00007FF888FF0000-0x00007FF888FF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-31-0x00007FF889060000-0x00007FF889061000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-32-0x00007FF889000000-0x00007FF889001000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-33-0x00007FF889010000-0x00007FF889011000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-0-0x00007FF8EC893000-0x00007FF8EC895000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4360-35-0x00007FF889040000-0x00007FF889041000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-36-0x00007FF889020000-0x00007FF889021000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-9-0x000000001C460000-0x000000001C502000-memory.dmp

    Filesize

    648KB

    Download

  • memory/4360-38-0x00007FF889070000-0x00007FF889071000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-39-0x00007FF885DB0000-0x00007FF885DB1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-40-0x00007FF885E00000-0x00007FF885E01000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-41-0x00007FF885E10000-0x00007FF885E11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4360-42-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-43-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-44-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-45-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-1-0x0000000000FF0000-0x00000000013EE000-memory.dmp

    Filesize

    4.0MB

    Download

  • memory/4360-51-0x00007FF8EC893000-0x00007FF8EC895000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4360-52-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-53-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-54-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-55-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4360-56-0x00007FF8EC890000-0x00007FF8ED351000-memory.dmp

    Filesize

    10.8MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.