Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Rusticalan...er.exe

windows7-x64

7

Rusticalan...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    47s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/09/2024, 13:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rusticaland-launcher.exe

  • Size

    64.8MB

  • MD5

    cf54cb776822a73090dc6b676e38782a

  • SHA1

    f1ac2a51e35e30c07ed2df769135295d3a5a88bf

  • SHA256

    fc93d7953819ec00809d4b231ce8b96d67d3a8cd46d13d0becb463fe16bde68f

  • SHA512

    8cb5dcb036662939b45d4c6ef991291f6d5efbac5fff79a01c43181632acd081f68f6ffe4459aec1ee2c7d3880ef8fcd5e44b85e173491034ccb5945be89c081

  • SSDEEP

    1572864:R9LHOdEv/78Bl9Bzs7hwOq/VE2kUC7dTiMuR34H8P7o92Zh:zjOU/e9FOIaLW1xP7o92Z

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rusticaland-launcher.exe
    "C:\Users\Admin\AppData\Local\Temp\Rusticaland-launcher.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4616
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4f8 0x304
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    896KB

    MD5

    fbff1229740ae7a2d80814ac4404c0c8

    SHA1

    ae7c22aca87f90f3ef47d764e0d409dec5eb4a5b

    SHA256

    ba3fbc7f29c93bc7fe7107645b57b1a88352ba2eae2ba6c3d530a38627b891e6

    SHA512

    341e9540ffda91f9fab305baefd340921c1c1e3e57ac91ad5ccd12f990304e2844657d32f1cee5f93a1ed59436e0c31c2542b992cd67118fe750405a3b8a970e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\WebView2Loader.dll
    Filesize

    156KB

    MD5

    1ba96800bad54c6019fdb6fe41fca592

    SHA1

    b443b01719c3046d9107e93d181d5da38e6650aa

    SHA256

    dcf3c4f6024313eeb6f775ed343265d73be1ce1d5dde2f92195dbc32310c7fc9

    SHA512

    499764e2c75e9afb25e19941312221d3fce7c058ffac8293db5986a6a9b8dd77c45bf93311858470bec9afbd64dc3068b3d9a26d3e01051b9d51c02b1c2484c2

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Rusticaland\QuickLauncher\Nuclear.wma
    Filesize

    5.0MB

    MD5

    ecc578e589d671109bbc291268e24854

    SHA1

    2c7153ad8b0464c679cf28344f787bab713ba878

    SHA256

    ddf635d42349620ecf288b1b2bc4006f9a4849c5b136847c9c5e44651790dc6a

    SHA512

    9b1691a7236be5c0a04421f65fdd91b3bdbf283879c92e8076f11c50bacafcd6faa746e743e73c65b971ce9678098630daac0d88a52ed2c2ba1af4f51d60a998

    Download Submit

  • memory/4616-0-0x00007FFE45553000-0x00007FFE45555000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4616-1-0x000002221BEC0000-0x000002221FF92000-memory.dmp

    Filesize

    64.8MB

    Download

  • memory/4616-2-0x0000022220350000-0x000002222035A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4616-3-0x0000022220390000-0x00000222203AA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/4616-4-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-6-0x0000022220360000-0x000002222037C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4616-5-0x000002223A520000-0x000002223B20A000-memory.dmp

    Filesize

    12.9MB

    Download

  • memory/4616-7-0x00000222203B0000-0x00000222203C6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4616-8-0x0000022220340000-0x0000022220348000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4616-9-0x000002223B210000-0x000002223C574000-memory.dmp

    Filesize

    19.4MB

    Download

  • memory/4616-10-0x000002223C580000-0x000002223CA92000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/4616-11-0x000002223CB90000-0x000002223CC4E000-memory.dmp

    Filesize

    760KB

    Download

  • memory/4616-12-0x00000222203D0000-0x00000222203DC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4616-13-0x000002223A480000-0x000002223A4EC000-memory.dmp

    Filesize

    432KB

    Download

  • memory/4616-14-0x000002223CD90000-0x000002223CE42000-memory.dmp

    Filesize

    712KB

    Download

  • memory/4616-15-0x000002223CE50000-0x000002223CF28000-memory.dmp

    Filesize

    864KB

    Download

  • memory/4616-17-0x000002223CF70000-0x000002223CFC0000-memory.dmp

    Filesize

    320KB

    Download

  • memory/4616-16-0x000002223D000000-0x000002223D076000-memory.dmp

    Filesize

    472KB

    Download

  • memory/4616-18-0x000002223D0B0000-0x000002223D0D2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4616-19-0x000002223D080000-0x000002223D09E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/4616-21-0x000002223DDF0000-0x000002223DE36000-memory.dmp

    Filesize

    280KB

    Download

  • memory/4616-22-0x000002223DF50000-0x000002223E12E000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/4616-23-0x0000022240740000-0x0000022240BC2000-memory.dmp

    Filesize

    4.5MB

    Download

  • memory/4616-24-0x00000222415D0000-0x0000022241D86000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4616-25-0x0000022240BC0000-0x0000022240CA6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/4616-26-0x0000022241D90000-0x0000022241E7C000-memory.dmp

    Filesize

    944KB

    Download

  • memory/4616-27-0x0000022241E80000-0x0000022242510000-memory.dmp

    Filesize

    6.6MB

    Download

  • memory/4616-28-0x0000022242510000-0x00000222428AA000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/4616-29-0x0000022242970000-0x0000022242C64000-memory.dmp

    Filesize

    3.0MB

    Download

  • memory/4616-30-0x0000022240CC0000-0x0000022240CCC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4616-31-0x0000022242C60000-0x0000022242E72000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4616-32-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-33-0x00007FFE45553000-0x00007FFE45555000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4616-34-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-35-0x00000222428E0000-0x0000022242900000-memory.dmp

    Filesize

    128KB

    Download

  • memory/4616-36-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-37-0x0000022245B00000-0x0000022246368000-memory.dmp

    Filesize

    8.4MB

    Download

  • memory/4616-38-0x0000022245220000-0x00000222455D6000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/4616-41-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-45-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-47-0x0000022244050000-0x0000022244062000-memory.dmp

    Filesize

    72KB

    Download

  • memory/4616-48-0x00000222428B0000-0x00000222428BA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4616-66-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-72-0x00000222428C0000-0x00000222428D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4616-73-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-101-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-104-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4616-109-0x0000022247600000-0x00000222476AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/4616-124-0x00007FFE45550000-0x00007FFE46011000-memory.dmp

    Filesize

    10.8MB

    Download