Resubmissions

30/09/2024, 20:16

240930-y2bt7axdme 8

30/09/2024, 20:14

240930-yzywyaxdje 8

30/09/2024, 20:06

240930-yvhzxsshmn 6

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/09/2024, 20:06

General

  • Target: UpdateTool.msi
  • Size: 173.6MB
  • MD5: 90c290ef28ab6f163a446969090f2daf
  • SHA1: c98b1d586dbb4be7781799a5f414292f11b8326d
  • SHA256: 667c036ba1c67b0e6377a23deca78f35220ff15ec278e34fffa521f779b1ddb4
  • SHA512: 5615cf7e26f9f762e3853b49b42a327dffdb9f601178bb7d743ab362277d0c850fcbbf40b7c759d7a41f9436dc7e16138a91729fb7ec13d199bffc05b0bb660d
  • SSDEEP: 3145728:QP7AKGpPJJgLBZV7MVRy7mURaD8RhDFoqoCPO5R3CvKCNaInqqD7vZbUD02ilsjr:mAKgPLgLBZVR3RBlatCPO2H/5b2iqjr

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 5 IoCs
  • Loads dropped DLL 3 IoCs
  • Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\UpdateTool.msi
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Event Triggered Execution: Installer Packages
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2696
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 5CD0A10F291BDBF54286DC00B7A4B273
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:1824

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07298EE8EBA9732300AE62BDCA6B6898
    Filesize: 1KB
    MD5: e11e31581aae545302f6176a117b4d95
    SHA1: 743af0529bd032a0f44a83cdd4baa97b7c2ec49a
    SHA256: 2e7bf16cc22485a7bbe2aa8696750761b0ae39be3b2fe9d0cc6d4ef73491425c
    SHA512: c63aba6ca79c60a92b3bd26d784a5436e45a626022958bf6c194afc380c7bfb01fadf0b772513bbdbd7f1bb73691b0edb2f60b2f235ec9e0b81c427e04fbe451

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07298EE8EBA9732300AE62BDCA6B6898
    Filesize: 312B
    MD5: b5106d0e1a34f078af0a4bc022f2b5ce
    SHA1: c4da3f7fe605c456cfda010a02f4b9187e882b3a
    SHA256: 0f8cd2c784387ddc41cb8192a2c3432a9f35a4a248c385230148f479e57f8740
    SHA512: 973bb01e0bd334cb48248d93a8305aa5909d3609922318a3dc72018e927b61e93ec7731d8dd181ad6cc4c31b1fd90fa991dfd96d568144d91febb11cddfaff11

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: e3a1de9c8d4e9789cc338d138de5b68f
    SHA1: 3780c0da8e41c11b7ebc813f5bcc901f43515c0d
    SHA256: 77d0d97c705588f9b2b92e646e59c83f65bf50a23d6bac4f86428616543f8b92
    SHA512: 37b9135794a50abf96a8bec3741f081ab292a8d46e956fbd075b869a051014086b1a6f1dd8cac8dc8be787766f99731def474e93f5f08330eb4d0e4884a14f26

  • C:\Users\Admin\AppData\Local\Temp\Cab2B1.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar3FC.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • C:\Windows\Installer\MSIC6C.tmp
    Filesize: 550KB
    MD5: 8259dc74965f3c8e91d152862580a773
    SHA1: d2d029f9f9be25be3c5526c5a52449c034c673e1
    SHA256: 84f8a39d32775639bb3f8875b8e871e0e2344f2a96c52ab6660e65d5c33fd7f9
    SHA512: 50903688a44609700a84bfb18859b038ebb9ea69d142b1fc23d7bc639879e8be469dab23de777bba8265eb4da8ca7614747f2559034339061236ea7e2b5fd6d0

  • C:\Windows\Installer\MSID19.tmp
    Filesize: 945KB
    MD5: 75fdd4bafba5d7082126be37eef2598a
    SHA1: 73cb2823016ecb1ce287da67e135e02c13c556c6
    SHA256: 4ecd8241776a95987927cc7cc4854f2d1b4ce3e0631aed33c7639e931921ba15
    SHA512: 00bd76d4bb9ac5cb5ded051d37e8df5e4a9c6209e747b2b399f7744d833fad0e957fd4fa897db02bc3ea9ae1da8d25e29623ef19c968c7791481e51fd6a7f891