Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

5

d215cf3550...7N.exe

windows7-x64

7

d215cf3550...7N.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PROGRAMFI.../m.exe

windows7-x64

8

$PROGRAMFI.../m.exe

windows10-2004-x64

8

$PROGRAMFI...UL.exe

windows7-x64

6

$PROGRAMFI...UL.exe

windows10-2004-x64

6

$PROGRAMFI...xb.exe

windows7-x64

5

$PROGRAMFI...xb.exe

windows10-2004-x64

5

Hash-MD5֤.exe

windows7-x64

3

Hash-MD5֤.exe

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2024, 22:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PROGRAMFILES/Funshion Online/Funshion/m.exe

  • Size

    100KB

  • MD5

    ffa9a7df6480ff67b5492f7a118e1b4b

  • SHA1

    2fdd98953d7dbff5f027cdff4b34f33c90374101

  • SHA256

    9f68c06375e0c5b624e81938ad8df51ea3053b7100c7e96adeee5e5207d2d5c3

  • SHA512

    c90cac6640b7f104903003f3d2adfd7a64aea23e6465e951e155b5616b884b536227ba6b4d8be95bf9f788e607a098606c82e9925136e9397f7fe330f171fb60

  • SSDEEP

    1536:WyZMSZFvknTePMZd4k4kJJM4Romu/5M7HVtfVt+gTXBUZ0qeUxVzef6i0lixG/HZ:xZMJnTeM4cJJM45DjVhDOZzxVayrrdZp

Score
8/10
discoverypersistenceupx

Malware Config

Signatures

  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 3 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 22 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 21 IoCs
  • Runs regedit.exe 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Funshion Online\Funshion\m.exe
    "C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Funshion Online\Funshion\m.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\SysWOW64\regedit.exe
      regedit.exe -s C:\Windows\r
      2⤵
      • Sets service image path in registry
      • System Location Discovery: System Language Discovery
      • Runs regedit.exe
      PID:2060
    • C:\Program Files (x86)\WindowsPlayer\Media\MediaCenter.exe
      "C:\Program Files (x86)\WindowsPlayer\Media\MediaCenter.exe" C:\Users\Admin\AppData\Local\Temp\$PROGRAMFILES\Funshion Online\Funshion\m.exe
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\1
    Filesize

    294B

    MD5

    b3da6c958962a5d9ea13e8a67415680b

    SHA1

    bdcb4a598f4782c6130d602cbd3a2d71ec98af35

    SHA256

    8b23d79b96401a92548ca2adf1f3e8fda5371fc3c07937ac295617d8a65600bc

    SHA512

    72818b870c61ed9060640cfad397ab9228f08f5c06c3f9a6b1b6d9b83e1c88788f2c7fd5e4725e091d8e7cf414e81a703d97ddd1decb0d12fd7cccc8e13f1835

    Download Submit

  • C:\Windows\2
    Filesize

    9KB

    MD5

    f08f5e65141be235580b9b6784f9f78a

    SHA1

    9786b4e68a6a3d1377e066f0ee7703e71d129597

    SHA256

    e53da24fa53cd24b98848eb45a59e95f7872717d5ec400061c89aece4498b282

    SHA512

    ed99259a77da36e14da3a1163fdb9a677135f52cacd44a4a6268f6af63e5320aa67146d81abf7b41e67921a0961189f3f510a2b97e3196dcbea354de0982e772

    Download Submit

  • C:\Windows\3
    Filesize

    25KB

    MD5

    83669aebc401dac229a6644c62b5dfb6

    SHA1

    9904bb4e9e64c927f84777c3250fb37d33924e6d

    SHA256

    ae4a1cce633ccd31d4605d46c8af308c99aae25355580662e941a3d3ec275f51

    SHA512

    a6a276d5a517a383c99a56a37cdaa02de08b8f614b08ece1fe15db645a4f2808fe763f002f34435bb4b6398d73154a407b119813a89dc04e8bb43dc80ffb6de1

    Download Submit

  • C:\Windows\IEHelper
    Filesize

    25KB

    MD5

    fe7c00acee71a7c95e0296b09eae86cf

    SHA1

    72788f2393cb6d870350386ba08155f22019336c

    SHA256

    53d674c1f2997a7d80392301b450d256668591d52a4900c660c84615ad668617

    SHA512

    a477821d1d39e8a3ca42b59e261a66f7ade8d99c370cee58c838413b36ee828bb1d61ed3bdcf5c6b5ebbedce3fe3fbde74a516e038b6625370fa1f4f56c44f8e

    Download Submit

  • C:\Windows\Iesy1
    Filesize

    3KB

    MD5

    e6675b96beafa719b6789d1a7cf4a17a

    SHA1

    be012f7f22c006edb44b7288c67308a4010030e6

    SHA256

    60f7afa0df6805e5fed8f31943a3fd1f6cdca9638defee9f99b28cf549f5834c

    SHA512

    08e7f07e0bd49d5779fc927e3f3c34f58845878a2e163a653153bd09beef1a612a6a2d1d042674652df16645452516a7fe392212953d0a3445dddad97950e36a

    Download Submit

  • C:\Windows\init.bat
    Filesize

    5KB

    MD5

    fe4840ece6f2045678545b8a4b9575a6

    SHA1

    9ec7bc018241cc4966e5668185d0c86c0777e100

    SHA256

    b54eccc0323d725353df9afecf585dd565ae2be8112f0c6d8ae69c08d23ab3cc

    SHA512

    967a228d71d35de15468d99d4f144675fdeb631c1bfca3c3aafbb8dd405dd8adfbd1cfc220ab2784594a870c8b57b43f73af4337e3d115083cbb95e9d0a6f079

    Download Submit

  • C:\Windows\r
    Filesize

    720B

    MD5

    1e4a364d62af7ca2e848641f96dfbd9e

    SHA1

    6cdc070edfc1311e745e81f154f1b5fc0036c3cc

    SHA256

    6ba029de625ee359e9a92e5c6275aa64fa033f6bfd0ea82e1400b9fd9df46d3b

    SHA512

    ae4f52dda7728e0f4b76368cde650d5afba955a95b85f7bcf11388b63b721a4d51a4eb1b266fb9d94179331e27e8e486b5407b40b47f168644717a59edabe6a0

    Download Submit

  • \Program Files (x86)\WindowsPlayer\Media\MediaCenter.exe
    Filesize

    20KB

    MD5

    47c714dd58ec8d0beaa1893bc94c30d8

    SHA1

    aa1a06b7b0aea4a8f518bc1e92f53610bf5a3b2c

    SHA256

    bfe09d763cb3d63ead982f1d0986d5105c1a0082dd494c8c4fbd2212ac377662

    SHA512

    5ab074072b24adb17ce71b59521df2b68e5570863dae348c952e8e11ea2780781a73e5699a371b07f7baf704436478565687f72d5c18024e5ae30dd37eff8395

    Download Submit