Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

tes_constr...04.exe

windows7-x64

7

tes_constr...04.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    11/05/2023, 01:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tes_construction_set_1.2.404.exe

  • Size

    7.0MB

  • MD5

    396089d6a610179d366d6b6b24ed52cd

  • SHA1

    0e6999c61ba62fa607ee334fad733acae3e8cbf4

  • SHA256

    34fd2cfbde39f21408be51e11ac399991550295484c518091ca0770f186fb4ec

  • SHA512

    fc32def8ff59b1ad92b598b9665adc116b85dd6545b36ef582f43fed2e3efc646bc2650343178550a1a14780c68c024354140f3ba6ee5c0c72945758e55e7088

  • SSDEEP

    196608:fp0c3is57E0DO+IO3ySMwDmCkr4EVY2UYJ2mHYUUvpIir:fp0c3N79DOhrwDmCZxmgeYzp1r

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\tes_construction_set_1.2.404.exe
    "C:\Users\Admin\AppData\Local\Temp\tes_construction_set_1.2.404.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Users\Admin\AppData\Local\Temp\tes_construction_set_1.2.404.exe
      C:\Users\Admin\AppData\Local\Temp\tes_construction_set_1.2.404.exe -deleter
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:828

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\isp6E9.tmp\IGdi.dll
    Filesize

    196KB

    MD5

    cd37457a02ebb8cc8596ec1ec4805959

    SHA1

    b280ab56de15b2ba67bef5152f1489c04da02bbd

    SHA256

    07ced62e7f3611fb56840480778b3cce83ee02913de95bcd67f52dcb9fb0b0ed

    SHA512

    b35fb4006d1290a56d60c04e10d87ea6768c88a83ac26b36b29b1fdc583b17f48461a6afce12a58f036980467a8859f8258b6c9dcaf8066a89f62613e67bdd84

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    Filesize

    324KB

    MD5

    5b5182aa2d922801cbf083b2a69b1a46

    SHA1

    6dd0c36b874374b9c16c77ed8cd95c8c405358b4

    SHA256

    83412e1ed4caf8043a731b8cd86d739d85c831d01ccacc28c440343bbbca7a80

    SHA512

    c81005b53b495f69170530ee0f48f6772f7083e1fe2959cc78020a595d27498e0242ccaa3845a9cedfb52eee227726b084ce882b2fc3528efb32d895738dff63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ISPackFiles.ini
    Filesize

    739B

    MD5

    4b582edd5811e3feb0b113cb2cbcdeb6

    SHA1

    6e3c9f1cee3c4e7df8ac8ec1e0f273c585fdd026

    SHA256

    b622838d5e6cfa7ec72c27c74d291a930d8c800842c8bb6ab933fc9f933786b3

    SHA512

    80d799c7a509805b9e2f50fd05cfcbf87b2cde590a7dd31fa66f35c57b4a9f77ed6f0012ccd1c2c0e84fd1a3318f4809cb4b2023a789368bc307703c9633aef0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_isdelet.ini
    Filesize

    153B

    MD5

    54c129336767e805bb4cfab34255d252

    SHA1

    37d1d94fdc63a93b63648cf2688085c3314a7818

    SHA256

    a7014823a4e37402f2bfe7fb86dcb866a0cbc4621a816c6f4bd99ab77e7d2d59

    SHA512

    dcecc70fd4988c237206477e3b764e7ad04f8bd7eaf4eeabf5141d6c8ca6b61eee5c60f23fdd697cfe8ab6696a93247606ceb72ef47bd3b964b8e4783bdf3481

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bye2FE.tmp\Disk1\setup.ibt
    Filesize

    386KB

    MD5

    9402376c4dce39be1021b5f7ee2a6a80

    SHA1

    2e3a387969b92a47b64fc606a12a680b6b026c79

    SHA256

    e5908cd7a47f15dc7ac16b81ccb151576771e68594275dccff5119711afb6c0b

    SHA512

    59af674c92733e9a068cc8df38a59d3867f167acd8c1b3317330d59244c4090b3e8caac08a62341a42678dd8914c07ded6041f8815f92664ab36e49ab5ceaeb9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\isp6E8.tmp\_Setup.dll
    Filesize

    156KB

    MD5

    2656cb75c1f6b71cde6b7e7b3645e1d9

    SHA1

    7d20db395762e7ce19bf43c4e57820ac37d04db3

    SHA256

    12440426c955f9cadf425222da0a592c7e16ed9c4486225f4dc53378b59ab7b0

    SHA512

    bc1f6d579863a3435c4532b2dbeb3fb4258e9f0d0a85062b33709a28f3449197e86608d91e6ed5826291cde8328bc2238b1c7e4302e9f25bef4c7f50a1726af6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\isp6E8.tmp\_Setup.dll
    Filesize

    156KB

    MD5

    2656cb75c1f6b71cde6b7e7b3645e1d9

    SHA1

    7d20db395762e7ce19bf43c4e57820ac37d04db3

    SHA256

    12440426c955f9cadf425222da0a592c7e16ed9c4486225f4dc53378b59ab7b0

    SHA512

    bc1f6d579863a3435c4532b2dbeb3fb4258e9f0d0a85062b33709a28f3449197e86608d91e6ed5826291cde8328bc2238b1c7e4302e9f25bef4c7f50a1726af6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\iss31E.tmp\setup.ini
    Filesize

    480B

    MD5

    b9a348a7001ad06c1c6625593b5ba81a

    SHA1

    70152746181bf806a38a5b27d1d392afe8a18bd8

    SHA256

    17a7ce3aa45795f61e841f26e686e9ece666f15a4b8cb852c26937b71067eaf6

    SHA512

    387625752186ddbe630ac9f9c6399ae734b64fb9459e0bd2bddb77f26f75a90366985a91d1cf7b47c326a902c577adfd431f2fa25a7d76c4abfea51950cf2b53

    Download Submit

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKe798.tmp
    Filesize

    736KB

    MD5

    594678e8fc20d430eb7bd2de53f8f307

    SHA1

    0fa3e19b6444847f840b53786d92f2847c07959d

    SHA256

    8f137730eb7330b72ade6b67d6c4b3d6793280423a4e29c53973662a95fa24ba

    SHA512

    f2a336d69ed17c3beb7ccbcfdae6a74a19a0faa9a9cc342a072aee5257d5ab2c2bf7cd69bab429f6c44449cbbd1763bdb72bcd50dd82b5df3e4276fdae406b84

    Download Submit

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKe798.tmp
    Filesize

    736KB

    MD5

    594678e8fc20d430eb7bd2de53f8f307

    SHA1

    0fa3e19b6444847f840b53786d92f2847c07959d

    SHA256

    8f137730eb7330b72ade6b67d6c4b3d6793280423a4e29c53973662a95fa24ba

    SHA512

    f2a336d69ed17c3beb7ccbcfdae6a74a19a0faa9a9cc342a072aee5257d5ab2c2bf7cd69bab429f6c44449cbbd1763bdb72bcd50dd82b5df3e4276fdae406b84

    Download Submit

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\isp6E9.tmp\IGdi.dll
    Filesize

    196KB

    MD5

    cd37457a02ebb8cc8596ec1ec4805959

    SHA1

    b280ab56de15b2ba67bef5152f1489c04da02bbd

    SHA256

    07ced62e7f3611fb56840480778b3cce83ee02913de95bcd67f52dcb9fb0b0ed

    SHA512

    b35fb4006d1290a56d60c04e10d87ea6768c88a83ac26b36b29b1fdc583b17f48461a6afce12a58f036980467a8859f8258b6c9dcaf8066a89f62613e67bdd84

    Download Submit

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\isp6E9.tmp\IGdi.dll
    Filesize

    196KB

    MD5

    cd37457a02ebb8cc8596ec1ec4805959

    SHA1

    b280ab56de15b2ba67bef5152f1489c04da02bbd

    SHA256

    07ced62e7f3611fb56840480778b3cce83ee02913de95bcd67f52dcb9fb0b0ed

    SHA512

    b35fb4006d1290a56d60c04e10d87ea6768c88a83ac26b36b29b1fdc583b17f48461a6afce12a58f036980467a8859f8258b6c9dcaf8066a89f62613e67bdd84

    Download Submit

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
    Filesize

    324KB

    MD5

    5b5182aa2d922801cbf083b2a69b1a46

    SHA1

    6dd0c36b874374b9c16c77ed8cd95c8c405358b4

    SHA256

    83412e1ed4caf8043a731b8cd86d739d85c831d01ccacc28c440343bbbca7a80

    SHA512

    c81005b53b495f69170530ee0f48f6772f7083e1fe2959cc78020a595d27498e0242ccaa3845a9cedfb52eee227726b084ce882b2fc3528efb32d895738dff63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\isp6E8.tmp\_Setup.dll
    Filesize

    156KB

    MD5

    2656cb75c1f6b71cde6b7e7b3645e1d9

    SHA1

    7d20db395762e7ce19bf43c4e57820ac37d04db3

    SHA256

    12440426c955f9cadf425222da0a592c7e16ed9c4486225f4dc53378b59ab7b0

    SHA512

    bc1f6d579863a3435c4532b2dbeb3fb4258e9f0d0a85062b33709a28f3449197e86608d91e6ed5826291cde8328bc2238b1c7e4302e9f25bef4c7f50a1726af6

    Download Submit