Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

infinst.exe

windows10-1703-x64

4

infinst.exe

windows10-2004-x64

4

x3daudio1_1.dll

windows10-1703-x64

1

x3daudio1_1.dll

windows10-2004-x64

3

xactengine2_7.dll

windows10-1703-x64

7

xactengine2_7.dll

windows10-2004-x64

7

AutoPlay/D...UP.dll

windows10-1703-x64

4

AutoPlay/D...UP.dll

windows10-2004-x64

4

AutoPlay/D...UP.exe

windows10-1703-x64

4

AutoPlay/D...UP.exe

windows10-2004-x64

4

AutoPlay/D...S.pptx

windows10-1703-x64

1

AutoPlay/D...S.pptx

windows10-2004-x64

1

AutoPlay/D...er.exe

windows10-1703-x64

7

AutoPlay/D...er.exe

windows10-2004-x64

7

AutoPlay/D...32.dll

windows10-1703-x64

4

AutoPlay/D...32.dll

windows10-2004-x64

4

AutoPlay/D...up.exe

windows10-1703-x64

7

AutoPlay/D...up.exe

windows10-2004-x64

7

autorun.exe

windows10-1703-x64

3

autorun.exe

windows10-2004-x64

3

lua5.1.dll

windows10-1703-x64

3

lua5.1.dll

windows10-2004-x64

3

lua51.dll

windows10-1703-x64

3

lua51.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    384s
  • max time network
    1826s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-es
  • resource tags

    arch:x64arch:x86image:win10-20220901-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    15/02/2023, 04:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AutoPlay/Docs/VC_RedistInstaller.exe

  • Size

    47.8MB

  • MD5

    81d13c603e77045c22db7838706b4f00

  • SHA1

    ff9c335363cd764164b81699fbd2bf4aaac587cf

  • SHA256

    0cb11bd72d9b6c844ac3a7d046b1743790444c5fac4f8f3788ddb2cd5d2a38c4

  • SHA512

    ef17fffca705c5dca387df09bd02f9f5381edbc61864d04e6098fbd7dcdf7f22703dcc31121a5ebeb0861489bbfc41c5d549e06664d50ab64f38ff6d82e349a6

  • SSDEEP

    786432:pUuwDlB5zWhAaKoXa3hegoR5oFBJSISZsOkfIuxoVTclL4NFDFIgrZ8pmuMtDHN:WuwDFzWhbKBEgoqJf6FDF8mZlHN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AutoPlay\Docs\VC_RedistInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoPlay\Docs\VC_RedistInstaller.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:404
    • C:\Users\Admin\AppData\Local\Temp\is-VHHFL.tmp\VC_RedistInstaller.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-VHHFL.tmp\VC_RedistInstaller.tmp" /SL5="$300DC,49648524,177152,C:\Users\Admin\AppData\Local\Temp\AutoPlay\Docs\VC_RedistInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:3472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-VHHFL.tmp\VC_RedistInstaller.tmp
    Filesize

    1.2MB

    MD5

    7ffa1cc1b4853c537f5d42a2d35cf006

    SHA1

    7335bd34920ed968623cb491c059e68aea297447

    SHA256

    898084b9317155c6555327dd8bd2c7b20fb791a415fff2a1c03e6b43378655b4

    SHA512

    83f264be5a259d7dec001a6a759d4edb382141d739a2ea28d330bf62ef5d9b5ccb7c2d680d065e46e0c1ab0b8da36a4d25948e45ce1ec03f0ab62d4d39c7c88b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-VHHFL.tmp\VC_RedistInstaller.tmp
    Filesize

    1.2MB

    MD5

    7ffa1cc1b4853c537f5d42a2d35cf006

    SHA1

    7335bd34920ed968623cb491c059e68aea297447

    SHA256

    898084b9317155c6555327dd8bd2c7b20fb791a415fff2a1c03e6b43378655b4

    SHA512

    83f264be5a259d7dec001a6a759d4edb382141d739a2ea28d330bf62ef5d9b5ccb7c2d680d065e46e0c1ab0b8da36a4d25948e45ce1ec03f0ab62d4d39c7c88b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-GFPUI.tmp\isskin.dll
    Filesize

    385KB

    MD5

    92c2e247392e0e02261dea67e1bb1a5e

    SHA1

    db72fed8771364bf8039b2bc83ed01dda2908554

    SHA256

    25fdb94e386f8a41f10aba00ed092a91b878339f8e256a7252b11169122b0a68

    SHA512

    e938d2a1870ccb437d818b5301e6ecffaa6efbf4f0122e1a1ae0981057d7d0376039ea927c6fd326456da2d6904803fca26b87245367a4c5de2aebc47bdcd4b5

    Download Submit

  • memory/404-152-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-155-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/404-151-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-123-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-124-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-125-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-126-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-127-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-128-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-129-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-131-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-130-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-132-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-133-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-134-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-135-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-136-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-137-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-138-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-139-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-140-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-141-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-142-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-143-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-144-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-145-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-146-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-147-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-148-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-149-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-150-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-120-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-122-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-121-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-153-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/404-156-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-157-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-158-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/404-233-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/3472-183-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-185-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-165-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-166-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-162-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-169-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-171-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-172-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-170-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-173-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-176-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-164-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-174-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-161-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-179-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-178-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-177-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-181-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-182-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-180-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-175-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-167-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-184-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-163-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-186-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3472-187-0x00000000778B0000-0x0000000077A3E000-memory.dmp

    Filesize

    1.6MB

    Download