Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    91s
  • max time network
    182s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250207-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    10/02/2025, 04:34

General

  • Target

    VirusSign.2023.11.29/047c7fed39ef255fecdd70e9a870ae19.exe

  • Size

    201KB

  • MD5

    047c7fed39ef255fecdd70e9a870ae19

  • SHA1

    e4a67366dad976acc98df8ae22b7f57908bce6b7

  • SHA256

    66cdae03bb8c51a27b91bfe1d9050ced4e460187e24b0e57a1c293ee0ed7d31e

  • SHA512

    535222afefe3de7da26fa260206928fe0aa5864b7820d0e00c941522dee4c0a7272f059a2483b83922263e7e5776cfbc19d2e655976f6fb5c02aa354b045e62c

  • SSDEEP

    3072:n4CgWgTsDAJJRjOV2/pwb5ryT5tlDhB2IFTLFZhh2D+0caj3kyRACAbpn:n4Cg3JJF35tlDhB2Cn9ozO

Malware Config

Signatures

  • Downloads MZ/PE file 1 IoCs
  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\047c7fed39ef255fecdd70e9a870ae19.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusSign.2023.11.29\047c7fed39ef255fecdd70e9a870ae19.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5096
  • C:\PROGRA~3\Mozilla\kwforzi.exe
    "C:\PROGRA~3\Mozilla\kwforzi.exe" -dawiryc
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3936
  • C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MjZFOTFEQzUtQUNFRC00QTI4LUFDRkItN0EwN0E5MDZBODJBfSIgdXNlcmlkPSJ7OTU2MDI1MTgtMDJFRC00RTEyLUI5ODctRjQ3ODhGOUU1NDBGfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7RDZCMkRCOTktM0RENy00NDU4LTlBNzUtNEM2RjVBQ0IxOEU4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMiIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTM1NTAwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM0MDgwNDYzMTQwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTQzNzY4NjQ3NyIvPjwvYXBwPjwvcmVxdWVzdD4
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • System Network Configuration Discovery: Internet Connection Discovery
    PID:3832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Mozilla\kwforzi.exe

    Filesize

    201KB

    MD5

    ef498eb2fcc69cae333e5dfe0d70cbf5

    SHA1

    fa186c731a810e30bc5aa6ea075ae92c847d16f6

    SHA256

    bfb51cfa3dae1dc3477b25e06b047d74e6bece8accf1fedc7e24af7a57fbf8ec

    SHA512

    ef83b3bcb658a765a1c3329d6aded89a9a0850343d5fd84c9839086cf497a29ad8401626c4d9967eaea29265ed4c2d2e82259525d669d7667c7d5598a1f5483a

  • C:\ProgramData\Mozilla\lksxdrg.dll

    Filesize

    47KB

    MD5

    83e1e47cb88de110861274ae345e6a5e

    SHA1

    46bfd6ca0514d1dfd288845067f5a28912f72823

    SHA256

    6051895c049484841fd01ecb397cdee48f8553523e462445d3331607b7d22082

    SHA512

    91d8a945e3debb3bcaf3548bd791cea0197d372568214fed06cf3517d16a31d359b6686340bec393e0794e3d6f788713ef5abacadc1348d81621368c911ffe8b

  • memory/3832-17-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

  • memory/3832-19-0x0000000000EC0000-0x0000000000ED6000-memory.dmp

    Filesize

    88KB

  • memory/3832-20-0x0000000000EC0000-0x0000000000ED6000-memory.dmp

    Filesize

    88KB

  • memory/3832-18-0x0000000000820000-0x0000000000836000-memory.dmp

    Filesize

    88KB

  • memory/3936-8-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

  • memory/3936-9-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB

  • memory/3936-11-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/5096-2-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/5096-6-0x0000000000400000-0x000000000045B000-memory.dmp

    Filesize

    364KB

  • memory/5096-1-0x00000000005E0000-0x000000000063B000-memory.dmp

    Filesize

    364KB

  • memory/5096-0-0x0000000000400000-0x000000000045E000-memory.dmp

    Filesize

    376KB