Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

LANC v2.exe

windows7-x64

3

LANC v2.exe

windows10-2004-x64

3

LoginTheme.dll

windows7-x64

1

LoginTheme.dll

windows10-2004-x64

1

MephTheme.dll

windows7-x64

1

MephTheme.dll

windows10-2004-x64

1

PREREQUISI...64.exe

windows7-x64

7

PREREQUISI...64.exe

windows10-2004-x64

7

PREREQUISI..._3.exe

windows7-x64

7

PREREQUISI..._3.exe

windows10-2004-x64

7

PREREQUISI...64.exe

windows7-x64

7

PREREQUISI...64.exe

windows10-2004-x64

7

PREREQUISI...86.exe

windows7-x64

7

PREREQUISI...86.exe

windows10-2004-x64

7

PcapDotNet...is.dll

windows7-x64

1

PcapDotNet...is.dll

windows10-2004-x64

1

PcapDotNet.Base.dll

windows7-x64

1

PcapDotNet.Base.dll

windows10-2004-x64

1

PcapDotNet...ns.dll

windows7-x64

1

PcapDotNet...ns.dll

windows10-2004-x64

1

PcapDotNet.Core.dll

windows7-x64

1

PcapDotNet.Core.dll

windows10-2004-x64

1

PcapDotNet...ts.dll

windows7-x64

1

PcapDotNet...ts.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2023, 08:29 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PREREQUISITES/vcredist_x86.exe

  • Size

    4.8MB

  • MD5

    b88228d5fef4b6dc019d69d4471f23ec

  • SHA1

    372d9c1670343d3fb252209ba210d4dc4d67d358

  • SHA256

    8162b2d665ca52884507ede19549e99939ce4ea4a638c537fa653539819138c8

  • SHA512

    cdd218d211a687dde519719553748f3fb36d4ac618670986a6dadb4c45b34a9c6262ba7bab243a242f91d867b041721f22330170a74d4d0b2c354aec999dbff8

  • SSDEEP

    98304:RuLgywiN1ah6HcG0UJrN7SDgndrHZDMeaNNjt0CKKBgY2r71pZ/APaOR72HgQo0z:I7wq1W6HqULS8djZDTaNNeCKVP5ORsg0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PREREQUISITES\vcredist_x86.exe
    "C:\Users\Admin\AppData\Local\Temp\PREREQUISITES\vcredist_x86.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1696
    • \??\c:\f8a34fd1040d6974b1\Setup.exe
      c:\f8a34fd1040d6974b1\Setup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\HFI708F.tmp.html
    Filesize

    15KB

    MD5

    cd131d41791a543cc6f6ed1ea5bd257c

    SHA1

    f42a2708a0b42a13530d26515274d1fcdbfe8490

    SHA256

    e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

    SHA512

    a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

    Download Submit

  • C:\f8a34fd1040d6974b1\Setup.exe
    Filesize

    76KB

    MD5

    006f8a615020a4a17f5e63801485df46

    SHA1

    78c82a80ebf9c8bf0c996dd8bc26087679f77fea

    SHA256

    d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

    SHA512

    c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1028\LocalizedData.xml
    Filesize

    29KB

    MD5

    7fc06a77d9aafca9fb19fafa0f919100

    SHA1

    e565740e7d582cd73f8d3b12de2f4579ff18bb41

    SHA256

    a27f809211ea1a2d5224cd01101aa3a59bf7853168e45de28a16ef7ed6acd46a

    SHA512

    466dcc6a5fb015be1619f5725fa62ca46eb0fb428e11f93fd9d82e5df61c3950b3fb62d4db7746cc4a2be199e5e69eaa30b6f3354e0017cfa14d127fad52f8cf

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1031\LocalizedData.xml
    Filesize

    40KB

    MD5

    b83c3803712e61811c438f6e98790369

    SHA1

    61a0bc59388786ced045acd82621bee8578cae5a

    SHA256

    2aa6e8d402e44d9ee895b18195f46bf90259de1b6f44efd46a7075b110f2dcd6

    SHA512

    e020f93e3a082476087e690ad051f1feb210e0915924bb4548cc9f53a7ee2760211890eb6036ce9e5e4a311abc0300e89e25efbbb894c2a621ffbc9d64cc8a38

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1033\LocalizedData.xml
    Filesize

    38KB

    MD5

    d642e322d1e8b739510ca540f8e779f9

    SHA1

    36279c76d9f34c09ebddc84fd33fcc7d4b9a896c

    SHA256

    5d90345ff74e177f6da8fb6459c1cfcac080e698215ca75feb130d0d1f2a76b9

    SHA512

    e1e16ae14bc7cc1608e1a08d3c92b6d0518b5fabd27f2c0eb514c87afc3d6192bf7a793a583afc65f1899f03dc419263b29174456e1ec9ab0f0110e0258e0f0d

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1033\SetupResources.dll
    Filesize

    16KB

    MD5

    9547d24ac04b4d0d1dbf84f74f54faf7

    SHA1

    71af6001c931c3de7c98ddc337d89ab133fe48bb

    SHA256

    36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34

    SHA512

    8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1036\LocalizedData.xml
    Filesize

    40KB

    MD5

    e382abc19294f779d2833287242e7bc6

    SHA1

    1ceae32d6b24a3832f9244f5791382865b668a72

    SHA256

    43f913ff28d677316f560a0f45221f35f27cfaf5fc5bd645974a82dca589edbf

    SHA512

    06054c8048cade36a3af54f9a07fd8fa5eb4f3228790996d2abea7ee1ee7eb563d46bd54ff97441f9610e778194082c44e66c5f566c9c50a042aba9eb9cae25e

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1040\LocalizedData.xml
    Filesize

    39KB

    MD5

    0af948fe4142e34092f9dd47a4b8c275

    SHA1

    b3d6dd5c126280398d9055f90e2c2c26dbae4eaa

    SHA256

    c4c7c0ddaa6d6a3a1dc260e9c5a24bdfaa98c427c69e8a65427dd7cac0a4b248

    SHA512

    d97b5fe2553ca78a3019d53e33d2db80c9fa1cf1d8d2501d9ddf0576c7e6ea38dab754fe4712123abf34b97e10b18fb4bbd1c76d3dacb87b4682e501f93423d9

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1041\LocalizedData.xml
    Filesize

    33KB

    MD5

    7fcfbc308b0c42dcbd8365ba62bada05

    SHA1

    18a0f0e89b36818c94de0ad795cc593d0e3e29a9

    SHA256

    01e7d24dd8e00b5c333e96d1bb83813e02e96f89aad0c2f28f84551d28abbbe2

    SHA512

    cd6f912a037e86d9e1982c73f0f8b3c4d5a9a6b5b108a7b89a46e6691e430a7cb55718de9a0c05650bb194c8d4a2e309ad6221d638cfca8e16aa5920881ba649

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1042\LocalizedData.xml
    Filesize

    32KB

    MD5

    71dfd70ae141f1d5c1366cb661b354b2

    SHA1

    c4b22590e6f6dd5d39e5158b831ae217ce17a776

    SHA256

    cccda55294aeb4af166a8c0449bca2189ddf5aa9a43d5e939dd3803e61738331

    SHA512

    5000d62f3de41c3fb0ed8a8e9c37dbf4eb427c4f1e3ad3823d4716c6fe62250bac11b7987a302b8a45d91aabcf332457f7aff7d99f15edeffe540639e9440e8a

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\1049\LocalizedData.xml
    Filesize

    39KB

    MD5

    0eeb554d0b9f9fcdb22401e2532e9cd0

    SHA1

    08799520b72a1ef92ac5b94a33509d1eddf6caf8

    SHA256

    beef0631c17a4fb1ff0b625c50c6cb6c8ce90a1ae62c5e60e14bf3d915ad509c

    SHA512

    2180e46a5a2ea1f59c879b729806ca02a232c66660f29c338c1fa7fbee2afa4b13d8777d1f7b63cf831eb42f3e55282d70aa8e53f40616b8a6e4d695c36e313d

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\2052\LocalizedData.xml
    Filesize

    30KB

    MD5

    52b1dc12ce4153aa759fb3bbe04d01fc

    SHA1

    bf21f8591c473d1fce68a9faf1e5942f486f6eba

    SHA256

    d1735c8cfd8e10ba019d70818c19fa865e7c72f30ab6421a3748408f85fb96c3

    SHA512

    418903ae9a7baebf73d055e4774ff1917fbaab9ee7ed8c120c34bb10e7303f6dd7b7dae701596d4626387a30ae1b4d329a9af49b8718b360e2ff619c56c19623

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\3082\LocalizedData.xml
    Filesize

    39KB

    MD5

    5397a12d466d55d566b4209e0e4f92d3

    SHA1

    fcffd8961fb487995543fc173521fdf5df6e243b

    SHA256

    f124d318138ff084b6484deb354cca0f72296e1341bf01169792b3e060c89e89

    SHA512

    7708f5a2ad3e4c90c4c216600435af87a1557f60caf880a3dd9b5f482e17399af9f0b9de03ff1dbdd210583e0fec5b466e35794ac24d6d37f9bbc094e52fc77b

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\DHTMLHeader.html
    Filesize

    15KB

    MD5

    cd131d41791a543cc6f6ed1ea5bd257c

    SHA1

    f42a2708a0b42a13530d26515274d1fcdbfe8490

    SHA256

    e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

    SHA512

    a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\ParameterInfo.xml
    Filesize

    8KB

    MD5

    66590f13f4c9ba563a9180bdf25a5b80

    SHA1

    d6d9146faeec7824b8a09dd6978e5921cc151906

    SHA256

    bf787b8c697ce418f9d4c07260f56d1145ca70db1cc4b1321d37840837621e8f

    SHA512

    aba67c66c2f3d9b3c9d71d64511895f15f696be8be0eedd2d6908e1203c4b0cf318b366f9f3cd9c3b3b8c0770462f83e6eea73e304c43f88d0cbedf69e7c92b3

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\Setup.exe
    Filesize

    76KB

    MD5

    006f8a615020a4a17f5e63801485df46

    SHA1

    78c82a80ebf9c8bf0c996dd8bc26087679f77fea

    SHA256

    d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

    SHA512

    c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\SetupEngine.dll
    Filesize

    788KB

    MD5

    84c1daf5f30ff99895ecab3a55354bcf

    SHA1

    7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

    SHA256

    7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

    SHA512

    e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\SetupUi.dll
    Filesize

    288KB

    MD5

    eb881e3dddc84b20bd92abcec444455f

    SHA1

    e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1

    SHA256

    11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7

    SHA512

    5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\SetupUi.xsd
    Filesize

    29KB

    MD5

    2fadd9e618eff8175f2a6e8b95c0cacc

    SHA1

    9ab1710a217d15b192188b19467932d947b0a4f8

    SHA256

    222211e8f512edf97d78bc93e1f271c922d5e91fa899e092b4a096776a704093

    SHA512

    a3a934a8572ff9208d38cf381649bd83de227c44b735489fd2a9dc5a636ead9bb62459c9460ee53f61f0587a494877cd3a3c2611997be563f3137f8236ffc4ca

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\Strings.xml
    Filesize

    13KB

    MD5

    332adf643747297b9bfa9527eaefe084

    SHA1

    670f933d778eca39938a515a39106551185205e9

    SHA256

    e49545feeae22198728ad04236e31e02035af7cc4d68e10cbecffd08669cbeca

    SHA512

    bea95ce35c4c37b4b2e36cc1e81fc297cc4a8e17b93f10423a02b015ddb593064541b5eb7003560fbeee512ed52869a113a6fb439c1133af01f884a0db0344b0

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\UiInfo.xml
    Filesize

    35KB

    MD5

    812f8d2e53f076366fa3a214bb4cf558

    SHA1

    35ae734cfb99bb139906b5f4e8efbf950762f6f0

    SHA256

    0d36a884a8381778bea71f5f9f0fc60cacadebd3f814679cb13414b8e7dbc283

    SHA512

    1dcc3ef8c390ca49fbcd50c02accd8cc5700db3594428e2129f79feb81e4cbbeef1b4a10628b2cd66edf31a69ed39ca2f4e252ad8aa13d2f793fca5b9a1eaf23

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\graphics\print.ico
    Filesize

    1KB

    MD5

    7e55ddc6d611176e697d01c90a1212cf

    SHA1

    e2620da05b8e4e2360da579a7be32c1b225deb1b

    SHA256

    ff542e32330b123486797b410621e19eafb39df3997e14701afa4c22096520ed

    SHA512

    283d381aa396820b7e15768b20099d67688da1f6315ec9f7938c2fcc3167777502cded0d1beddf015a34cc4e5d045bcb665ffd28ba2fbb6faf50fdd38b31d16e

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\graphics\save.ico
    Filesize

    1KB

    MD5

    7d62e82d960a938c98da02b1d5201bd5

    SHA1

    194e96b0440bf8631887e5e9d3cc485f8e90fbf5

    SHA256

    ae041c8764f56fd89277b34982145d16fc59a4754d261c861b19371c3271c6e5

    SHA512

    ab06b2605f0c1f6b71ef69563c0c977d06c6ea84d58ef7f2baecba566d6037d1458c2b58e6bfd70ddef47dccbdea6d9c2f2e46dea67ea9e92457f754d7042f67

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\graphics\setup.ico
    Filesize

    35KB

    MD5

    3d25d679e0ff0b8c94273dcd8b07049d

    SHA1

    a517fc5e96bc68a02a44093673ee7e076ad57308

    SHA256

    288e9ad8f0201e45bc187839f15aca79d6b9f76a7d3c9274c80f5d4a4c219c0f

    SHA512

    3bde668004ca7e28390862d0ae9903c756c16255bdbb3f7e73a5b093ce6a57a3165d6797b0a643b254493149231aca7f7f03e0af15a0cbe28aff02f0071ec255

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\graphics\stop.ico
    Filesize

    9KB

    MD5

    5dfa8d3abcf4962d9ec41cfc7c0f75e3

    SHA1

    4196b0878c6c66b6fa260ab765a0e79f7aec0d24

    SHA256

    b499e1b21091b539d4906e45b6fdf490d5445256b72871aece2f5b2562c11793

    SHA512

    69a13d4348384f134ba93c9a846c6760b342e3a7a2e9df9c7062088105ac0b77b8a524f179efb1724c0ce168e01ba8bb46f2d6fae39cabe32cab9a34fc293e4a

    Download Submit

  • \??\c:\f8a34fd1040d6974b1\sqmapi.dll
    Filesize

    141KB

    MD5

    3f0363b40376047eff6a9b97d633b750

    SHA1

    4eaf6650eca5ce931ee771181b04263c536a948b

    SHA256

    bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

    SHA512

    537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

    Download Submit

  • \f8a34fd1040d6974b1\1033\SetupResources.dll
    Filesize

    16KB

    MD5

    9547d24ac04b4d0d1dbf84f74f54faf7

    SHA1

    71af6001c931c3de7c98ddc337d89ab133fe48bb

    SHA256

    36d0159ed1a7d88000737e920375868765c0a1dd6f5a5acbb79cf7d97d9e7a34

    SHA512

    8b6048f4185a711567679e2de4789407077ce5bfe72102d3cb1f23051b8d3e6bfd5886c801d85b4e62f467dd12da1c79026a4bc20b17f54c693b2f24e499d40f

    Download Submit

  • \f8a34fd1040d6974b1\Setup.exe
    Filesize

    76KB

    MD5

    006f8a615020a4a17f5e63801485df46

    SHA1

    78c82a80ebf9c8bf0c996dd8bc26087679f77fea

    SHA256

    d273460aa4d42f0b5764383e2ab852ab9af6fecb3ed866f1783869f2f155d8be

    SHA512

    c603ed6f3611eb7049a43a190ed223445a9f7bd5651100a825917198b50c70011e950fa968d3019439afa0a416752517b1c181ee9445e02da3904f4e4b73ce76

    Download Submit

  • \f8a34fd1040d6974b1\SetupEngine.dll
    Filesize

    788KB

    MD5

    84c1daf5f30ff99895ecab3a55354bcf

    SHA1

    7e25ba36bcc7deed89f3c9568016ddb3156c9c5a

    SHA256

    7a0d281fa802d615ea1207bd2e9ebb98f3b74f9833bba3cb964ba7c7e0fb67fd

    SHA512

    e4fb7e4d39f094463fdcdc4895ab2ea500eb51a32b6909cec80a526bbf34d5c0eb98f47ee256c0f0865bf3169374937f047bf5c4d6762779c8ca3332b4103be3

    Download Submit

  • \f8a34fd1040d6974b1\SetupUi.dll
    Filesize

    288KB

    MD5

    eb881e3dddc84b20bd92abcec444455f

    SHA1

    e2c32b1c86d4f70e39de65e9ebc4f361b24ff4a1

    SHA256

    11565d97287c01d22ad2e46c78d8a822fa3e6524561d4c02dfc87e8d346c44e7

    SHA512

    5750cec73b36a3f19bfb055f880f3b6498a7ae589017333f6272d26f1c72c6f475a3308826268a098372bbb096b43fbd1e06e93eecc0a81046668228bc179a75

    Download Submit

  • \f8a34fd1040d6974b1\sqmapi.dll
    Filesize

    141KB

    MD5

    3f0363b40376047eff6a9b97d633b750

    SHA1

    4eaf6650eca5ce931ee771181b04263c536a948b

    SHA256

    bd6395a58f55a8b1f4063e813ce7438f695b9b086bb965d8ac44e7a97d35a93c

    SHA512

    537be86e2f171e0b2b9f462ac7f62c4342beb5d00b68451228f28677d26a525014758672466ad15ed1fd073be38142dae478df67718908eae9e6266359e1f9e8

    Download Submit

  • memory/2628-98-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2628-103-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.