Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

GOG-Games....es.url

windows7-x64

1

GOG-Games....es.url

windows10-2004-x64

1

setup_80_d...8).exe

windows7-x64

7

setup_80_d...8).exe

windows10-2004-x64

7

Analysis

  • max time kernel
    154s
  • max time network
    163s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2023, 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    setup_80_days_1.17.8_(44038).exe

  • Size

    106.3MB

  • MD5

    bde0aa5f33b99f495be27a515d07fff5

  • SHA1

    c63ddc9aa6d7af0bd912defe40510cc1849b2de5

  • SHA256

    57cd8450773ada4930061d016be52e3bc267288d5fc735e50bcbc4dc5268777d

  • SHA512

    a410b05ded7a028e332de7607409444a556cb2b2e2252ea98bb52bfe76b2037ac33f85a0eef378d1f282e9f90012666f1d21b9267a8226457f57db6c99f19d1e

  • SSDEEP

    3145728:I7/zxlTO8BrqGlgdtWLWBdz6s4nRW+KkoGuACFToWz6cRu2THQTDW:sDrXp86s4XKkZujNk2THQTK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup_80_days_1.17.8_(44038).exe
    "C:\Users\Admin\AppData\Local\Temp\setup_80_days_1.17.8_(44038).exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Users\Admin\AppData\Local\Temp\is-8INCJ.tmp\setup_80_days_1.17.8_(44038).tmp
      "C:\Users\Admin\AppData\Local\Temp\is-8INCJ.tmp\setup_80_days_1.17.8_(44038).tmp" /SL5="$C0054,110878564,192512,C:\Users\Admin\AppData\Local\Temp\setup_80_days_1.17.8_(44038).exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-8INCJ.tmp\setup_80_days_1.17.8_(44038).tmp
    Filesize

    1.3MB

    MD5

    5c725efd120fe098bc61c0035adb1657

    SHA1

    d27d1342afafff994150f052993a6b4fc4bf50c0

    SHA256

    c1b779d7670de3fea23357409bc7a7a379685a57bd9e07102bc360c63f356c84

    SHA512

    02f9049c5479bea8e60e3e633ce11d16c2d8d0887ae69518691b276ff0283307b4983f2642d41fbb111ed0f26e3bcb0c182a93b8f95ea749666c57e7f9c3968a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\1207658966_english.jpg
    Filesize

    165KB

    MD5

    05511f73ea6d4342e347630789762de9

    SHA1

    9d2f6bd1b36f5290fb89259f19cd092151fbda30

    SHA256

    0c0591688784eb8de457da095d463d821ff6ba085438b4c333130594a0f0405d

    SHA512

    7c23e9a8d2607075607954a68293c49cacba4c684fda482bde8efba624abeaed1777a2f53bda4ba75423c35467975baf0b47714b32d820d33b8047d8717f16b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\1207665083_english.jpg
    Filesize

    268KB

    MD5

    d254d941dfddac7496284b101d868b85

    SHA1

    3d8f702650c3c41530afa9f1111dcfbe8dd54954

    SHA256

    2f6dc517bbfc598b054ffe270ac35ce41ee3740cd002cb3c03eeb1d73f7c21e4

    SHA512

    1d2edaacb42701b346b8b6b0fb494c1f935aaccc30ac0fa1382b7bd6a22d202d7e8d9b491e80d55b2edaf25edd4ba5424c4dc6ab63f8f315eb2c896a1232d6df

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\1430924174_english.jpg
    Filesize

    194KB

    MD5

    29a54918808464ef9fb0aeaa94cce258

    SHA1

    7652f2b9b8e56a8790f412d6d742fbfe09506209

    SHA256

    d4fbb53bc3ab00026944cf9402f0c44434375654ecaf75b3ef7c17033337fb4d

    SHA512

    2dd24dad9d0be559b9c72131663aef8838a3e72d333d3c27b2e2a2390f41e6403437e26ec4a9054993ae38382ef37260987ec543350f2d879e7087035df2bd3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\1441229340_english.jpg
    Filesize

    180KB

    MD5

    d6a23c4167c56bdf8811940fbddc9d5d

    SHA1

    35873689b3e860cddfb02ce8def6ee8747f52351

    SHA256

    79d1bc468d70118ae336cae37430da3bb578ba1a9a1fd0ef59e8f0934012dce5

    SHA512

    43c5ce61f242e5a4c72ba6c09e675fc8e0b5c5506e3d939290f1a579a5e4652d6b081aa44199721254a7d7a12cf7b9faa31ef8c78b772a1c98b4f14efc614145

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\1450711444_english.jpg
    Filesize

    228KB

    MD5

    d664b71be35a1267760cadf4a9c2aeb7

    SHA1

    8df0ce0b9f99f6ddbf46517f9f2e57536ae29d30

    SHA256

    47a62591498951983247bb6099872492a0acacd1d90ccc7e786ebcd237dffa78

    SHA512

    e47a38d6480c1e8a111ffea4adf28f8edb646dcd5df9ebf60f49e3ae68a3f7b34887e99b3110dd45bc6f9a1aa3cf73dbf25ce5d6701338438600e7102cada7a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\BigOK.png
    Filesize

    3KB

    MD5

    5b43a5d975a53f4fc1da67ce9f7784c1

    SHA1

    8543fa1e471030049942252b23cb22e0880c3af5

    SHA256

    59d8bb3e87a89ef523c0495addce38d69560af42aaa82f56dd41b12e6612c13a

    SHA512

    5dd5c4e9859a555a4a32da76f5231b44f7556274c6501da530b2cdd570bcb4675f710bee708322a40ed3ef9280c0d652b4e7ef0e9eaf128c08534f59291917f5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\EULAAccepted.png
    Filesize

    2KB

    MD5

    461dfeb75927bdb39f9db5348612a611

    SHA1

    b7893b1fff6801e37ee7337d876962a09184941e

    SHA256

    0de278f5ca6d8570d9bda592268a14a28b87d3631fea2d25721947397aaab79c

    SHA512

    68528cf45c81c2c024a672f42c2cd6d4f72c015b443f103ca21deb8ee2bec4f4027490e7f33b5338a87537b5bf7f255f2828aed149f622155ec89cc81687651b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\EULAShow.png
    Filesize

    1KB

    MD5

    c596bc9111edc702bbbb29b70984254f

    SHA1

    d4712c7b91ff4f8994e7907d31357c42eb47c738

    SHA256

    6112851daea2aaa7174e8cfac4a0f61c968bc090342503804c476eff47cc2462

    SHA512

    db50d0a39ec644873a03d64552fff1776cc94f016e8dfc8918e65aee94f7529a6de4637567b5e65c4ea988f3775785c4b52c2d96fe8dbc52b1e21ff59c737c2a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\background.jpg
    Filesize

    300KB

    MD5

    70cc7d0f47ea3251cd7c5dbb60da3717

    SHA1

    d81b7d35d7e44eabe206315f92ee7e6c321529a6

    SHA256

    bf1494057f1fc8d74bdc0c3e1c22dacb306701b0d015b790cdb358ec7ecbf2c1

    SHA512

    ca3de3e081177e75fa5cd5538b737fc75e0345f7425732c833d3e78622a089e87488282fa7bb0efab3a317149292b93124f44a255f799e918a55cc2687ab2ca1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\botva2.dll
    Filesize

    35KB

    MD5

    0177746573eed407f8dca8a9e441aa49

    SHA1

    6b462adf78059d26cbc56b3311e3b97fcb8d05f7

    SHA256

    a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

    SHA512

    d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\botva2.dll
    Filesize

    35KB

    MD5

    0177746573eed407f8dca8a9e441aa49

    SHA1

    6b462adf78059d26cbc56b3311e3b97fcb8d05f7

    SHA256

    a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

    SHA512

    d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\btn_md5.png
    Filesize

    8KB

    MD5

    3befe9739354ee24a0b1ea8df05ce274

    SHA1

    ab0bda986a8c46aa19f57b75a2b7b22445a3c625

    SHA256

    b0193ab375f604fa4a25cabdea8f713babde1c07ab562ffc5679352c8e01db47

    SHA512

    ac016a59e0bfc9b22c376ae5d498c5660893a983d932b2bd502dabe032883c69e79ea8d93c2db49f95415c3cdb068e9f7d1d85527a4f9e68e065a989852d09dd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\crcdll.dll
    Filesize

    69KB

    MD5

    1d51fac9e2384eeb674199cfd5281d7d

    SHA1

    861dfdc121357d605d0cc3793266713788109eb2

    SHA256

    23e90ce5a1f2d634a7bf5d5d0522fafeea6df9e536e16f5ce91035d5197128ec

    SHA512

    921b00adfe43b883200960e8d0958d4e6b97f6d5cfc096ee277766a3e44cc7805a20877a4edf8bd4d9102bb71a20ac218a9a512f4f76bd751d3ef14f4e0a6eda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\error.png
    Filesize

    726B

    MD5

    df10adc25b673e74e19971c17bee5a98

    SHA1

    ee16fb1cf9491f5e611282f0574b27d76fede412

    SHA256

    142b16dc6239421691fa6e619d1a61e61176d89fa018a88b46893c29a57aad8b

    SHA512

    dc3de10e0321966cbbfb2e57b3b41da6f26dff0c7233a47469da58775b5c471e6b5181e4d4ffc81ef8b83dbcad74ccc1aad7678518f99c9185a441d2a23e010f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\innocallback.dll
    Filesize

    63KB

    MD5

    1c55ae5ef9980e3b1028447da6105c75

    SHA1

    f85218e10e6aa23b2f5a3ed512895b437e41b45c

    SHA256

    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

    SHA512

    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\ok.png
    Filesize

    1KB

    MD5

    103c1368e60806b1b7995a0894eacf87

    SHA1

    971392527f6e4b655044773132505c901a6b5469

    SHA256

    0d37d4421a39ca8852eb6760b8e914302bdc6cfcc7b170dc1b6c9bb9be148b7e

    SHA512

    652177e94438aff102f2ed873b26f0985ebed134763852b49b1ca2698463c1dbeb85152f19c8e18d397229ec5cb2cd1d17c61d454ab7c425a2cab540adc8228a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\slideshow.ini
    Filesize

    695B

    MD5

    0ad2209690a8dd7c4283d1c1b46821ed

    SHA1

    82c9c9c3cc8ad9f16f6db0d03e04aed8b942db28

    SHA256

    c9bd0151e8d2247b49053d143b17204024577016fc114a5a027b4f87338e9b86

    SHA512

    5c4ed1f5aa9c1f8a3a4df24f26effbfe46c38d0edc4bd868da1aeba1d613e8b715aa217045a3fc3497d8fb965f0f3b2ced34db73d374d9224a7c01a84ddb9594

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\uninstall.dll
    Filesize

    691KB

    MD5

    7db706c324cc9b6fda497d081eed6e26

    SHA1

    ca97392e573af0cf61bfa3301801a85f2beea44c

    SHA256

    cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

    SHA512

    8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-IN9P6.tmp\uninstall.dll
    Filesize

    691KB

    MD5

    7db706c324cc9b6fda497d081eed6e26

    SHA1

    ca97392e573af0cf61bfa3301801a85f2beea44c

    SHA256

    cc685dbcf798549ad1a51c1dde45462e2a451ec59f48ee91219182a3871cd5b0

    SHA512

    8edf1494d57d5e708faaff4170f21f435658be897a6fe0acf243ced0701a7fd574b3c973c5bc5e8d92815e966c98977e69ac1e3083ab00c11b072115527ffa19

    Download Submit

  • memory/208-304-0x0000000005640000-0x000000000564E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/208-148-0x00000000030F0000-0x00000000031A7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/208-193-0x0000000005640000-0x000000000564E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/208-139-0x0000000002850000-0x0000000002851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/208-299-0x00000000031B0000-0x00000000031B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/208-301-0x00000000001B0000-0x0000000000302000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/208-302-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/208-303-0x00000000030F0000-0x00000000031A7000-memory.dmp

    Filesize

    732KB

    Download

  • memory/208-305-0x0000000002850000-0x0000000002851000-memory.dmp

    Filesize

    4KB

    Download

  • memory/208-318-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

    Download

  • memory/208-320-0x0000000005640000-0x000000000564E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4756-300-0x0000000000180000-0x00000000001B9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4756-134-0x0000000000180000-0x00000000001B9000-memory.dmp

    Filesize

    228KB

    Download