Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Setup soot....2.exe

windows7-x64

7

Setup soot....2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/02/2023, 01:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup soothe2 v1.1.2.exe

  • Size

    29.3MB

  • MD5

    0158a14c23a8da850a6ee55097662354

  • SHA1

    42a81c184384b1570e3fa38f47366ffe64e418a5

  • SHA256

    d5b6c825e2febc952ac4cc7e9a5977398a545bcc067fa5e9f490b461efb23d37

  • SHA512

    c7e7252ebf2071c5c6052600939319e88a304a81b3f5102d4aa120913f5252f46e86861287c563a515eb4c926a3a13b216fb758985639a77bc35f255917b600b

  • SSDEEP

    786432:qBPNt1Vn5rkfUg2K39kqiCXg8aJmd2V+fJk4pNs:MPvb5L4CJmd2QfJ3pO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup soothe2 v1.1.2.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup soothe2 v1.1.2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4760
    • C:\Users\Admin\AppData\Local\Temp\is-G6MQJ.tmp\Setup soothe2 v1.1.2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-G6MQJ.tmp\Setup soothe2 v1.1.2.tmp" /SL5="$A01C8,30179246,121344,C:\Users\Admin\AppData\Local\Temp\Setup soothe2 v1.1.2.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-AEHLP.tmp\ISSKINU.DLL
    Filesize

    357KB

    MD5

    f30afccd6fafc1cad4567ada824c9358

    SHA1

    60a65b72f208563f90fba0da6af013a36707caa9

    SHA256

    e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

    SHA512

    59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AEHLP.tmp\ISSKINU.DLL
    Filesize

    357KB

    MD5

    f30afccd6fafc1cad4567ada824c9358

    SHA1

    60a65b72f208563f90fba0da6af013a36707caa9

    SHA256

    e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

    SHA512

    59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AEHLP.tmp\R2RINNO.dll
    Filesize

    4KB

    MD5

    0f8bbab51c5f70093b7ed7dd825d68e8

    SHA1

    a96809560b3e9001124083937a339cf2453a94c8

    SHA256

    7fc4fa7f5cea34df0a6733527081886cfb1c49b369df2db454de87cc4e70bdb5

    SHA512

    7b824ad5d7ec786535106d98bc80c9350f35ac2b76d7ee20163e90becf076dfeaca4732c0ecbe2d3d84a2efef337c380d5548ca0123e69e66e30bb396f0b9b81

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AEHLP.tmp\SKIN.CJSTYLES
    Filesize

    813KB

    MD5

    5f87caf3f7cf63dde8e6af53bdf31289

    SHA1

    a2c3cc3d9d831acd797155b667db59a32000d7a8

    SHA256

    4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

    SHA512

    4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AEHLP.tmp\SKIN.CJSTYLES
    Filesize

    813KB

    MD5

    5f87caf3f7cf63dde8e6af53bdf31289

    SHA1

    a2c3cc3d9d831acd797155b667db59a32000d7a8

    SHA256

    4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

    SHA512

    4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-G6MQJ.tmp\Setup soothe2 v1.1.2.tmp
    Filesize

    1.1MB

    MD5

    90fc739c83cd19766acb562c66a7d0e2

    SHA1

    451f385a53d5fed15e7649e7891e05f231ef549a

    SHA256

    821bd11693bf4b4b2b9f3c196036e1f4902abd95fb26873ea6c43e123b8c9431

    SHA512

    4cb11ad48b7585ef1b70fac9e3c25610b2f64a16358cd51e32adcb0b17a6ab1c934aeb10adaa8e9ddf69b2e2f1d18fe2e87b49b39f89b05ea13aa3205e41296c

    Download Submit

  • memory/4728-170-0x0000000075340000-0x0000000075550000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4728-175-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-140-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-145-0x0000000077190000-0x000000007720A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4728-147-0x0000000077190000-0x000000007720A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4728-146-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-148-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-149-0x0000000077190000-0x000000007720A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4728-150-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-152-0x0000000075CB0000-0x0000000075CD5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4728-151-0x0000000077190000-0x000000007720A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4728-153-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-154-0x0000000077190000-0x000000007720A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/4728-156-0x0000000074640000-0x0000000074670000-memory.dmp

    Filesize

    192KB

    Download

  • memory/4728-155-0x0000000075CB0000-0x0000000075CD5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4728-159-0x0000000075CB0000-0x0000000075CD5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4728-157-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-160-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-161-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-158-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-162-0x00000000757A0000-0x0000000075883000-memory.dmp

    Filesize

    908KB

    Download

  • memory/4728-163-0x0000000075340000-0x0000000075550000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4728-164-0x00000000765F0000-0x0000000076BA3000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4728-165-0x0000000076170000-0x000000007621F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4728-166-0x0000000074480000-0x00000000745A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4728-167-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-168-0x0000000076500000-0x00000000765DC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/4728-169-0x00000000757A0000-0x0000000075883000-memory.dmp

    Filesize

    908KB

    Download

  • memory/4728-172-0x0000000076170000-0x000000007621F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4728-171-0x00000000765F0000-0x0000000076BA3000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4728-173-0x00000000752C0000-0x0000000075334000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4728-142-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-176-0x0000000075340000-0x0000000075550000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4728-174-0x0000000074480000-0x00000000745A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4728-177-0x00000000765F0000-0x0000000076BA3000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4728-179-0x00000000752C0000-0x0000000075334000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4728-178-0x0000000076170000-0x000000007621F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4728-180-0x0000000074480000-0x00000000745A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4728-181-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-182-0x0000000075340000-0x0000000075550000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4728-183-0x00000000765F0000-0x0000000076BA3000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4728-184-0x0000000076170000-0x000000007621F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4728-186-0x00000000752C0000-0x0000000075334000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4728-187-0x0000000074480000-0x00000000745A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4728-188-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-185-0x0000000075CB0000-0x0000000075CD5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4728-189-0x0000000075340000-0x0000000075550000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4728-190-0x00000000765F0000-0x0000000076BA3000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4728-192-0x00000000752C0000-0x0000000075334000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4728-193-0x0000000074480000-0x00000000745A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4728-191-0x0000000076170000-0x000000007621F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4728-194-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-195-0x0000000076500000-0x00000000765DC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/4728-196-0x00000000757A0000-0x0000000075883000-memory.dmp

    Filesize

    908KB

    Download

  • memory/4728-197-0x0000000075340000-0x0000000075550000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4728-198-0x00000000765F0000-0x0000000076BA3000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4728-199-0x0000000076170000-0x000000007621F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/4728-200-0x00000000752C0000-0x0000000075334000-memory.dmp

    Filesize

    464KB

    Download

  • memory/4728-201-0x0000000074480000-0x00000000745A2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/4728-202-0x00000000032D0000-0x0000000003331000-memory.dmp

    Filesize

    388KB

    Download

  • memory/4728-203-0x0000000075340000-0x0000000075550000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4760-132-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4760-134-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/4760-281-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download