Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

Wave.JohnP...ed.rar

windows11-21h2-x64

1

CefSharp.C...me.dll

windows11-21h2-x64

1

WaveWindow...ed.exe

windows11-21h2-x64

10

bin/Background.mp4

windows11-21h2-x64

6

bin/lz4.dll

windows11-21h2-x64

1

bin/wolfssl.dll

windows11-21h2-x64

1

bin/xxhash.dll

windows11-21h2-x64

1

bin/zlib1.dll

windows11-21h2-x64

1

bin/zstd.dll

windows11-21h2-x64

1

cracked by...lx.txt

windows11-21h2-x64

3

d3dcompiler_47.dll

windows11-21h2-x64

1

Resubmissions

26/11/2024, 17:54

241126-whcw2aylbr 10

29/06/2024, 04:49

240629-ff5aha1eke 10

Analysis

  • max time kernel
    597s
  • max time network
    578s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    26/11/2024, 17:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/Background.mp4

  • Size

    4.6MB

  • MD5

    9782180eb68f73030fe24ef6a1735932

  • SHA1

    589827fe098ba048c9f871a28db8eae3e3537ff4

  • SHA256

    3a1cbb800f8f25c2ab703ba8bfdb01e938e4143c3bc0fea8ca734fb5ba779ba7

  • SHA512

    dc768638bae2d6d47d8910252ae64a656d8a6fd88efdf24165ddce51b7afdb4acb3fddd41dfe788737a2cab4fab66174db2f0d2f48bc8669af76d1656bca8be1

  • SSDEEP

    98304:xs/6Ldccul3Wn48btjNEkPSFTaIwJ0Mt6KNY:xs/Gul3EvEmFItMkb

Score
6/10
discovery

Malware Config

Signatures

  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\bin\Background.mp4"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4936
    • C:\Windows\SysWOW64\unregmp2.exe
      "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:5112
      • C:\Windows\system32\unregmp2.exe
        "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
        3⤵
        • Enumerates connected drives
        • Suspicious use of AdjustPrivilegeToken
        PID:3184
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
    1⤵
    • Drops file in Windows directory
    PID:336
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004CC
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    64KB

    MD5

    066f6e5acfff197d12b550ef7d452d41

    SHA1

    aaa8cfa5a56519594490d069f31a42a15ca515a2

    SHA256

    cac3a8354c7766b4ce0900bf4d8097bf372ec405a6af4bba63a6d92132932a30

    SHA512

    21c3985bdc883b7c0fcdfb660a577eb03870943d9e812a24726158b6c06cc36b00425fdeafddcb099fddd1488173280563f7241c9589e69d04d1eb1b5daa786b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
    Filesize

    1024KB

    MD5

    55a4ac76f976ff9ede548b042d9821f1

    SHA1

    a95d90c40f5256e550da3130bd0fa767d4de6c1d

    SHA256

    108b99131c3408050ff81c9915bfe4c25241677c090e9f7cdc21386deb2e6cce

    SHA512

    d44618366fac804f8f1087520a403925ecb848c9b79346f5be18b662bb23432ec659593bdd76422aa499f938e9aef5f3e131236adcea4e3e43a42ae06b8b137b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
    Filesize

    68KB

    MD5

    0056c2a9d451bacf74368660a991ab27

    SHA1

    3cc25ea02d2b3531d582bfd00a869faf7bd4592c

    SHA256

    82c9ebbab6aa0c8ae48e9dba5a88b8429c9caea9a9a89eabcb50fd6f508a3543

    SHA512

    4687b30591869e356737c9985779e0f0ea0d176b9140742f8d9eb1128ac50c8f31a63aa67e00c3fe336d2877fdf3e517a8c82f895224ad00f6ce8337365c449d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
    Filesize

    498B

    MD5

    90be2701c8112bebc6bd58a7de19846e

    SHA1

    a95be407036982392e2e684fb9ff6602ecad6f1e

    SHA256

    644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

    SHA512

    d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
    Filesize

    9KB

    MD5

    7050d5ae8acfbe560fa11073fef8185d

    SHA1

    5bc38e77ff06785fe0aec5a345c4ccd15752560e

    SHA256

    cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

    SHA512

    a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
    Filesize

    1KB

    MD5

    13ffdf9b1e4c4e38d44577128e5adb5d

    SHA1

    ce047792fcc16671c0eefdb36642355e7b0797fc

    SHA256

    4e8c4561a5920a698eb80a84c3b6298e2ce3cb19249ff4412d5f1605ddfcc64f

    SHA512

    779f4f56fb7f81041f7d9fb8b1dbf19733bc26fd1e1f646c9b1791d626ef317c5938cf8a171e839f2abe4d2cc499d6a1a3746b877047ae812a9f42cdf12e3784

    Download Submit

  • memory/4936-37-0x0000000006C00000-0x0000000006C10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-33-0x0000000004A60000-0x0000000004A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-36-0x0000000004A60000-0x0000000004A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-39-0x0000000006820000-0x0000000006830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-40-0x0000000004A60000-0x0000000004A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-41-0x0000000004A60000-0x0000000004A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-38-0x0000000006820000-0x0000000006830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-42-0x0000000006820000-0x0000000006830000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-34-0x0000000004A60000-0x0000000004A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-35-0x0000000004A60000-0x0000000004A70000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-58-0x0000000000AC0000-0x0000000000AD0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4936-59-0x0000000000AC0000-0x0000000000AD0000-memory.dmp

    Filesize

    64KB

    Download