Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

AnyViewerSetup[1].exe

windows7-x64

4

AnyViewerSetup[1].exe

windows10-2004-x64

4

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2023, 11:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AnyViewerSetup[1].exe

  • Size

    40.8MB

  • MD5

    1c428d6ee030d606ce0f4bcbb03bd3fa

  • SHA1

    e8fabc81d2c49c23b9f951636d5a0769e02f1e47

  • SHA256

    9e8f522f7002903b634e692f0ca336073a10640d99aadda5dacbc8b2fd52679f

  • SHA512

    337d7d8609bf7b3b8c3d90f736eeffc01ae86b7d40085b0ca23f977bbe524b769d6efd02448ba0b732c902bd9dc764a7b10327d48f00d9dc29ff788e79e13ec3

  • SSDEEP

    786432:0FR9YRd9SGm2IErN94Hr/mNjtHvmBpQUFCiVzBX0869kCHtj:0kdVseyKRHvSpCi5BJ83Nj

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AnyViewerSetup[1].exe
    "C:\Users\Admin\AppData\Local\Temp\AnyViewerSetup[1].exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4948
    • C:\Users\Admin\AppData\Local\Temp\is-2804G.tmp\AnyViewerSetup[1].tmp
      "C:\Users\Admin\AppData\Local\Temp\is-2804G.tmp\AnyViewerSetup[1].tmp" /SL5="$70182,42112524,619008,C:\Users\Admin\AppData\Local\Temp\AnyViewerSetup[1].exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-2804G.tmp\AnyViewerSetup[1].tmp
    Filesize

    1.9MB

    MD5

    8ce6b53ded85e3ddd7bd5cff708b5a83

    SHA1

    dcd11bb9fde1342da724a5f24e878699be4ef48c

    SHA256

    3cb8ae64d7ccbf948f83b069a2ed9be9479d278a34c07e54796b80da69516c9c

    SHA512

    15e067c814f9330b7b324db69a5db545756286e7fed536479e3705fd431674f32aaef3e144c2eb8142c1e970064e610b1f557fd7aa3aa1d18e23a64ad0ce0f94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-2804G.tmp\AnyViewerSetup[1].tmp
    Filesize

    1.9MB

    MD5

    8ce6b53ded85e3ddd7bd5cff708b5a83

    SHA1

    dcd11bb9fde1342da724a5f24e878699be4ef48c

    SHA256

    3cb8ae64d7ccbf948f83b069a2ed9be9479d278a34c07e54796b80da69516c9c

    SHA512

    15e067c814f9330b7b324db69a5db545756286e7fed536479e3705fd431674f32aaef3e144c2eb8142c1e970064e610b1f557fd7aa3aa1d18e23a64ad0ce0f94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\CallbackCtrl.dll
    Filesize

    21KB

    MD5

    e4aaa24dd6549ca02e0fc45302345dd0

    SHA1

    f9e477719cdffadb39d42cc4a3e9e2e70277e3ed

    SHA256

    9fb8c2522b2c5f826bacd1bf5cb42af70aa2080fb680f96e747d3900eb40a6f9

    SHA512

    d04a788ebaffe0c4df0192f643f394e2c2ad026099ee2f26b94bc76f7685b70967d23b104f18a8acb8017f1da1c957a844e2f2aac7084228d02b183ae7150340

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\Checkblue.png
    Filesize

    535B

    MD5

    03852e4119bcbf5c8acf22120e956065

    SHA1

    a880595e09b1c89f5301684a355d42068a4aec77

    SHA256

    093f883620fe51cf139e131ce254c8969e33ade7bf8728a8e25e26c07ef070b8

    SHA512

    01245fc3ec1db821864b7b46f50911025c8cb583a3d75a83a70fa79191aa562e006f4933e8776a66bd2c039035074e170ab12f00d2399a757c773c803fb19374

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\MFCButton.dll
    Filesize

    220KB

    MD5

    2581ae0a7a36a6a389ea9cebb4f01f39

    SHA1

    bca0bb11737a79d8a2bc7f01a91985e25b0153fc

    SHA256

    e9304127981fd0b4e7f5cc2c19d8618b7deb0c3c9149045af66c5f7d6aa89222

    SHA512

    f2921c1487bda5d8dfd3cc274f758ea067f90565df1b5356fee9f9195486b5fd5618df6bbc653a2f703fd5e4c4f64d0a3e073787090c95c7b46890fc93b5868b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\MFCButton.dll
    Filesize

    220KB

    MD5

    2581ae0a7a36a6a389ea9cebb4f01f39

    SHA1

    bca0bb11737a79d8a2bc7f01a91985e25b0153fc

    SHA256

    e9304127981fd0b4e7f5cc2c19d8618b7deb0c3c9149045af66c5f7d6aa89222

    SHA512

    f2921c1487bda5d8dfd3cc274f758ea067f90565df1b5356fee9f9195486b5fd5618df6bbc653a2f703fd5e4c4f64d0a3e073787090c95c7b46890fc93b5868b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\MFCButton.dll
    Filesize

    220KB

    MD5

    2581ae0a7a36a6a389ea9cebb4f01f39

    SHA1

    bca0bb11737a79d8a2bc7f01a91985e25b0153fc

    SHA256

    e9304127981fd0b4e7f5cc2c19d8618b7deb0c3c9149045af66c5f7d6aa89222

    SHA512

    f2921c1487bda5d8dfd3cc274f758ea067f90565df1b5356fee9f9195486b5fd5618df6bbc653a2f703fd5e4c4f64d0a3e073787090c95c7b46890fc93b5868b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\PathFormat.dll
    Filesize

    221KB

    MD5

    ed26aedade2f4ca5da61ff5baa1a16d7

    SHA1

    1f9e736c00ff3b635ad89097937f16039ab00578

    SHA256

    0de968ffd4a6c60413cac739dccb1b162f8f93f3db754728fde8738e52706fa4

    SHA512

    e7b09cb39ee20fc8cff856b27b3b6a769a825b6de64e7161fa8e4b4abfd91808d22a7dc58af2adda66f0d7c32abcb89237d1e9568500e4b2ec65eed7d511d223

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\_isetup\_isdecmp.dll
    Filesize

    13KB

    MD5

    a813d18268affd4763dde940246dc7e5

    SHA1

    c7366e1fd925c17cc6068001bd38eaef5b42852f

    SHA256

    e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

    SHA512

    b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\_isetup\_isdecmp.dll
    Filesize

    13KB

    MD5

    a813d18268affd4763dde940246dc7e5

    SHA1

    c7366e1fd925c17cc6068001bd38eaef5b42852f

    SHA256

    e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

    SHA512

    b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\botva2.dll
    Filesize

    35KB

    MD5

    0177746573eed407f8dca8a9e441aa49

    SHA1

    6b462adf78059d26cbc56b3311e3b97fcb8d05f7

    SHA256

    a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

    SHA512

    d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\botva2.dll
    Filesize

    35KB

    MD5

    0177746573eed407f8dca8a9e441aa49

    SHA1

    6b462adf78059d26cbc56b3311e3b97fcb8d05f7

    SHA256

    a4b61626a1626fdabec794e4f323484aa0644baa1c905a5dcf785dc34564f008

    SHA512

    d4ac96da2d72e121d1d63d64e78bcea155d62af828324b81889a3cd3928ceeb12f7a22e87e264e34498d100b57cdd3735d2ab2316e1a3bf7fa099ddb75c5071a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\btopen.png
    Filesize

    2KB

    MD5

    90eb121bf0ae802f3ad12bc6582ca691

    SHA1

    8647260945740e2cd97a97b7cee6e5016688166f

    SHA256

    85a908620121820c1c40303d6e268bac586c469cbfbfe864143a2c96d171f56c

    SHA512

    881bdec3c122b7baaf81c01f91b24409377602c0d9398b09aa3ad7cb965d347bcee5e631ca87636edfad693d5666b8339ee45e8877500f78f823817d449ec8e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\iconclose.png
    Filesize

    4KB

    MD5

    4b00487ff65448660795f0932ed58419

    SHA1

    b30870e50fe366335191ccab3418272b5a0fd7cd

    SHA256

    f81cbf673e0a8c2708cc6c2e84f589a4e347255cab30ab68c064cf41c7b9e684

    SHA512

    e3e971e79cb901eb1097c28c0a459a6abd5d7504029d13542cc11b8ceeed8fb38d71da77f31e036956af792bd3411d3182a5f2df514e8de0396f396941c0e1ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-BJ33L.tmp\iconminimize.png
    Filesize

    2KB

    MD5

    48b8fe1b77dfbc4b929245e1866634d6

    SHA1

    6c8c540cdae147b2ed0d623eaba7946fa592a4c5

    SHA256

    9ef1a17cbc12f12e0de6ccb45b99b21733bc24156fb97e4116894af879f0f194

    SHA512

    80603d2df7c39d2939959ca782429ede5abd0f730fef4329ac20f380b7d3f46991df14c255f3fab1e1f241f56160217f381f9542cbddae3ff0ced78dbcb9d8f4

    Download Submit

  • memory/2792-64-0x0000000005C20000-0x0000000005C2E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2792-91-0x0000000006130000-0x000000000616A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2792-7-0x00000000025E0000-0x00000000025E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-109-0x0000000000400000-0x00000000005ED000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2792-110-0x0000000005C20000-0x0000000005C2E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2792-111-0x00000000025E0000-0x00000000025E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-117-0x0000000005C20000-0x0000000005C2E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4948-1-0x0000000000400000-0x00000000004A1000-memory.dmp

    Filesize

    644KB

    Download

  • memory/4948-108-0x0000000000400000-0x00000000004A1000-memory.dmp

    Filesize

    644KB

    Download