Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

Notiom_Setup.exe

windows7-x64

7

Notiom_Setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    73s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    01/11/2023, 00:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Notiom_Setup.exe

  • Size

    366.2MB

  • MD5

    830e85cc28b3f34f7d60452a62cb68e4

  • SHA1

    447dcdf35f842399e7fb8774fded2d132fcf1c37

  • SHA256

    aa934fadb092f1c9963d69b5b20e847cadf456a85d60622725b93eba0359ede9

  • SHA512

    456ae63dd482a224550b4cf8640dbccf8a1e650f12ea648aff67436cf70da6714c4e3d7cf4600ff8f355ab3ab0807bc643827d30fe4dcebcd89b870df4093b84

  • SSDEEP

    6291456:3Ba9L+p9JzwTd+gFrvvOaa8R9vnNA9V7DuFI9ZpMCeJ1duhTFSUbvM0l9NZjOTPN:3l9VwQ83Xxr/NA916cZmCeJ+Fvgq97Ox

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Notiom_Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Notiom_Setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Users\Admin\AppData\Local\Temp\is-N1PRK.tmp\Notiom_Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-N1PRK.tmp\Notiom_Setup.tmp" /SL5="$8001C,383069178,1146880,C:\Users\Admin\AppData\Local\Temp\Notiom_Setup.exe"
      2⤵
      • Executes dropped EXE
      PID:2768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-N1PRK.tmp\Notiom_Setup.tmp
    Filesize

    3.3MB

    MD5

    d3b766e0579fe9e02e2f5ceaabb88932

    SHA1

    1fb2bb8c42e6a5aa1748810314e18e5de80ae70c

    SHA256

    cdc5e2a09f1121ea7c801ba636112934b7b9b17b9c9aae2ce71f5fef2e91ae86

    SHA512

    a3f976aa8e1e3b4b7c93ed7cb5f921e760780a8017b6663a0152124c7f7f9b2d41f491fbed331a68f0c096671a96e98505cc075d3cc10bdf80590d6b3343afa4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-N1PRK.tmp\Notiom_Setup.tmp
    Filesize

    3.3MB

    MD5

    d3b766e0579fe9e02e2f5ceaabb88932

    SHA1

    1fb2bb8c42e6a5aa1748810314e18e5de80ae70c

    SHA256

    cdc5e2a09f1121ea7c801ba636112934b7b9b17b9c9aae2ce71f5fef2e91ae86

    SHA512

    a3f976aa8e1e3b4b7c93ed7cb5f921e760780a8017b6663a0152124c7f7f9b2d41f491fbed331a68f0c096671a96e98505cc075d3cc10bdf80590d6b3343afa4

    Download Submit

  • memory/2768-8-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2768-12-0x0000000000400000-0x0000000000761000-memory.dmp

    Filesize

    3.4MB

    Download

  • memory/2768-13-0x00000000001D0000-0x00000000001D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2780-1-0x0000000000400000-0x0000000000525000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/2780-10-0x0000000000400000-0x0000000000525000-memory.dmp

    Filesize

    1.1MB

    Download