Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

infinst.exe

windows10-1703-x64

4

infinst.exe

windows10-2004-x64

4

x3daudio1_1.dll

windows10-1703-x64

1

x3daudio1_1.dll

windows10-2004-x64

3

xactengine2_7.dll

windows10-1703-x64

7

xactengine2_7.dll

windows10-2004-x64

7

AutoPlay/D...UP.dll

windows10-1703-x64

4

AutoPlay/D...UP.dll

windows10-2004-x64

4

AutoPlay/D...UP.exe

windows10-1703-x64

4

AutoPlay/D...UP.exe

windows10-2004-x64

4

AutoPlay/D...S.pptx

windows10-1703-x64

1

AutoPlay/D...S.pptx

windows10-2004-x64

1

AutoPlay/D...er.exe

windows10-1703-x64

7

AutoPlay/D...er.exe

windows10-2004-x64

7

AutoPlay/D...32.dll

windows10-1703-x64

4

AutoPlay/D...32.dll

windows10-2004-x64

4

AutoPlay/D...up.exe

windows10-1703-x64

7

AutoPlay/D...up.exe

windows10-2004-x64

7

autorun.exe

windows10-1703-x64

3

autorun.exe

windows10-2004-x64

3

lua5.1.dll

windows10-1703-x64

3

lua5.1.dll

windows10-2004-x64

3

lua51.dll

windows10-1703-x64

3

lua51.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    1532s
  • max time network
    1593s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    15/02/2023, 04:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AutoPlay/Docs/VC_RedistInstaller.exe

  • Size

    47.8MB

  • MD5

    81d13c603e77045c22db7838706b4f00

  • SHA1

    ff9c335363cd764164b81699fbd2bf4aaac587cf

  • SHA256

    0cb11bd72d9b6c844ac3a7d046b1743790444c5fac4f8f3788ddb2cd5d2a38c4

  • SHA512

    ef17fffca705c5dca387df09bd02f9f5381edbc61864d04e6098fbd7dcdf7f22703dcc31121a5ebeb0861489bbfc41c5d549e06664d50ab64f38ff6d82e349a6

  • SSDEEP

    786432:pUuwDlB5zWhAaKoXa3hegoR5oFBJSISZsOkfIuxoVTclL4NFDFIgrZ8pmuMtDHN:WuwDFzWhbKBEgoqJf6FDF8mZlHN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AutoPlay\Docs\VC_RedistInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\AutoPlay\Docs\VC_RedistInstaller.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:524
    • C:\Users\Admin\AppData\Local\Temp\is-PO8NV.tmp\VC_RedistInstaller.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-PO8NV.tmp\VC_RedistInstaller.tmp" /SL5="$9002E,49648524,177152,C:\Users\Admin\AppData\Local\Temp\AutoPlay\Docs\VC_RedistInstaller.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-I6L6O.tmp\isskin.dll
    Filesize

    385KB

    MD5

    92c2e247392e0e02261dea67e1bb1a5e

    SHA1

    db72fed8771364bf8039b2bc83ed01dda2908554

    SHA256

    25fdb94e386f8a41f10aba00ed092a91b878339f8e256a7252b11169122b0a68

    SHA512

    e938d2a1870ccb437d818b5301e6ecffaa6efbf4f0122e1a1ae0981057d7d0376039ea927c6fd326456da2d6904803fca26b87245367a4c5de2aebc47bdcd4b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-PO8NV.tmp\VC_RedistInstaller.tmp
    Filesize

    1.2MB

    MD5

    7ffa1cc1b4853c537f5d42a2d35cf006

    SHA1

    7335bd34920ed968623cb491c059e68aea297447

    SHA256

    898084b9317155c6555327dd8bd2c7b20fb791a415fff2a1c03e6b43378655b4

    SHA512

    83f264be5a259d7dec001a6a759d4edb382141d739a2ea28d330bf62ef5d9b5ccb7c2d680d065e46e0c1ab0b8da36a4d25948e45ce1ec03f0ab62d4d39c7c88b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-PO8NV.tmp\VC_RedistInstaller.tmp
    Filesize

    1.2MB

    MD5

    7ffa1cc1b4853c537f5d42a2d35cf006

    SHA1

    7335bd34920ed968623cb491c059e68aea297447

    SHA256

    898084b9317155c6555327dd8bd2c7b20fb791a415fff2a1c03e6b43378655b4

    SHA512

    83f264be5a259d7dec001a6a759d4edb382141d739a2ea28d330bf62ef5d9b5ccb7c2d680d065e46e0c1ab0b8da36a4d25948e45ce1ec03f0ab62d4d39c7c88b

    Download Submit

  • memory/524-132-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/524-134-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download

  • memory/524-139-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download