Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Setup.exe

windows7-x64

7

Setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2023, 16:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    6.6MB

  • MD5

    d3a804d3680c4355d0464e33903a0f85

  • SHA1

    6399faa1cc183dc00e2fcd15463e964b35c0c74c

  • SHA256

    48b86a47f4b47501f0bd263f21da63851277782a5750f41a52a656effa302118

  • SHA512

    116112c187012f04f979b441f2b057230209e8919d42a9490b66290e8a651512eb38702577a46cc225cdc6592c753251bb54dc01501d38dc9aecaf968c997cec

  • SSDEEP

    49152:hBuZrEUtnw9fSJ9R1WRaSL1mmvpFJW8M7r59uNA9jFzvqXZ831X333BC:HkLpqS/+v219eA9jFzvt3338

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Users\Admin\AppData\Local\Temp\is-32F8F.tmp\Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-32F8F.tmp\Setup.tmp" /SL5="$40150,886784,0,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-32F8F.tmp\Setup.tmp
    Filesize

    3.1MB

    MD5

    36c6f16040eb09509ffd9822af9a10cf

    SHA1

    cc5c0a772d339b9d8beaf56afff7571c151d7614

    SHA256

    f42d7956e66cc961f2bfc276568ccd771ccdcad8da3f03665aa29db8367cda90

    SHA512

    1a707348b3d3d2188c7473904d189b2034a8f72e6418cd1c2b66f8dd73dde3922a3486aa572d6e0dc05d563881e0980037fc0b225f6ef9a413b421d59f46a12d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-32F8F.tmp\Setup.tmp
    Filesize

    3.1MB

    MD5

    36c6f16040eb09509ffd9822af9a10cf

    SHA1

    cc5c0a772d339b9d8beaf56afff7571c151d7614

    SHA256

    f42d7956e66cc961f2bfc276568ccd771ccdcad8da3f03665aa29db8367cda90

    SHA512

    1a707348b3d3d2188c7473904d189b2034a8f72e6418cd1c2b66f8dd73dde3922a3486aa572d6e0dc05d563881e0980037fc0b225f6ef9a413b421d59f46a12d

    Download Submit

  • memory/2064-1-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/2064-10-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/2064-24-0x0000000000400000-0x00000000004E6000-memory.dmp

    Filesize

    920KB

    Download

  • memory/2940-8-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2940-11-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2940-12-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2940-14-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2940-16-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2940-22-0x0000000000400000-0x0000000000720000-memory.dmp

    Filesize

    3.1MB

    Download