Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

uninstall_office.exe

windows7-x64

7

uninstall_office.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    02/11/2023, 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninstall_office.exe

  • Size

    10.4MB

  • MD5

    79f8a67b461bf58b19dc15e558debf83

  • SHA1

    8b7065b9282a6c2e6ed25d9bbfc17e2cc33c188d

  • SHA256

    c4d2c9d1c36f9018c72d3703c2d1c775df4700d9a2d8b49130a278a5629dd104

  • SHA512

    fc186e9683043ff0ab1635cf05c4082747e577cf39e4d9c1bfe1d4859d371b31b7b394f4309f26ae3b5725188d7d8e0d0e5ef219389c0fc2266ab5344c049343

  • SSDEEP

    196608:CAXv8SUdQmRrdA6ly8Qnf2ODjMnGydSdmyFEoFhnfQQJYSkrwOBWZA:NlUdQOl6F3MnG3dmUEwBfQQe1rwCs

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninstall_office.exe
    "C:\Users\Admin\AppData\Local\Temp\uninstall_office.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Users\Admin\AppData\Local\Temp\uninstall_office.exe
      "C:\Users\Admin\AppData\Local\Temp\uninstall_office.exe"
      2⤵
      • Loads dropped DLL
      PID:2824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-2-0.dll
    Filesize

    8KB

    MD5

    ab9489a3ed8d1378dac3baed43b38e02

    SHA1

    1b07993e530b77771cdf47047b98799481fb4e89

    SHA256

    c63923e2de5058f09d7cbbcf017669b1f8d092d0f1d6480e3e8c8dfb6b98d2a3

    SHA512

    2e14443bec6b9248680c8deff01f4c234273a2d5ab3f80219994041b149bedbebb9948dc8245e52b31c70e4ae9ece8135ddf9e008321cafa15e48d741271f0a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l2-1-0.dll
    Filesize

    8KB

    MD5

    8dde6f70cb9fbecac1133021f5c83043

    SHA1

    44fe0ae6d28ec94dca87f64ca36901ebc4512194

    SHA256

    2f1e75ea5a9fbae866e6c845e40d9f4cb0c1a72b847f3475478896cdb6fb3fb7

    SHA512

    43f607c0421077dbade38eb09a6d6ebfba686caf61b9922b3996524a9139dee6e434b3f75886581da6f3d9e1e5d4369078281ec891496f802e5e7fa04637001d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    11KB

    MD5

    2f30bfa1d9c8b7b54ffd066e9c673492

    SHA1

    affd011054b9f13bd9ffe1c31ef13caf782fae48

    SHA256

    70a70e2044581f416e1ef0713aa1c7ecaddc7027b68a7e53092f6489a5c1d8c9

    SHA512

    b4566712dc4e27182ed25705f1b93b6c7036fcaf42f0c3745038e99b4706e5800191ef98b166b1dd2d792f7257302c943313f8f2b14afda9fed225f43d9a8773

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    9KB

    MD5

    2fa11a8d349abc3789cde0cc4bae8d29

    SHA1

    9852d8d8c850dc1ad43741738371e624aaee7f72

    SHA256

    3c55e28bad11d8ebca5c4f27f758955357dfc505e0611e1f50166561cdee18cb

    SHA512

    87cac9929c705a5b2960083f5cce6edf833bb127406e348183a414d5b4ba2dc086f857e57d2a172c936f267dd56bfb781ec96e8aad199c7a5417e9263c12f02d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    9KB

    MD5

    186490538ab77ab3d26672a3c9fbb35e

    SHA1

    6f835a7c01e8117c9869c8125b1d798edbe167ad

    SHA256

    e6ec92481166d58802562c0125d6f3e0a5f0d97f6f011f23839960bde8dac5d5

    SHA512

    1820f25f597229525658ec2ba60f4e7d7fd8a015e0597c033335bbe62427e0a2d2ed59d0b244823b3ed31d2ee0dc04307c0708200ad62f9d212aafd2ed255812

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21442\python311.dll
    Filesize

    5.5MB

    MD5

    9a24c8c35e4ac4b1597124c1dcbebe0f

    SHA1

    f59782a4923a30118b97e01a7f8db69b92d8382a

    SHA256

    a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

    SHA512

    9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI21442\ucrtbase.dll
    Filesize

    983KB

    MD5

    bfc39414668264275f77188d54a36a48

    SHA1

    de45fdf2d9543a3d6eda428e1aca07f406ad2649

    SHA256

    a1d0642713935c73173d7a80680cd480de93348680104635793431dcfe94ce68

    SHA512

    657907caaf1539455efd0cb29f698605cf9a2cfc872087f782f485db25b187f986e9a0d1e3921eab7dafa4099f72d57c99259da2a7ab7240ffaada5c00f510eb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l1-2-0.dll
    Filesize

    8KB

    MD5

    ab9489a3ed8d1378dac3baed43b38e02

    SHA1

    1b07993e530b77771cdf47047b98799481fb4e89

    SHA256

    c63923e2de5058f09d7cbbcf017669b1f8d092d0f1d6480e3e8c8dfb6b98d2a3

    SHA512

    2e14443bec6b9248680c8deff01f4c234273a2d5ab3f80219994041b149bedbebb9948dc8245e52b31c70e4ae9ece8135ddf9e008321cafa15e48d741271f0a9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-file-l2-1-0.dll
    Filesize

    8KB

    MD5

    8dde6f70cb9fbecac1133021f5c83043

    SHA1

    44fe0ae6d28ec94dca87f64ca36901ebc4512194

    SHA256

    2f1e75ea5a9fbae866e6c845e40d9f4cb0c1a72b847f3475478896cdb6fb3fb7

    SHA512

    43f607c0421077dbade38eb09a6d6ebfba686caf61b9922b3996524a9139dee6e434b3f75886581da6f3d9e1e5d4369078281ec891496f802e5e7fa04637001d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    11KB

    MD5

    2f30bfa1d9c8b7b54ffd066e9c673492

    SHA1

    affd011054b9f13bd9ffe1c31ef13caf782fae48

    SHA256

    70a70e2044581f416e1ef0713aa1c7ecaddc7027b68a7e53092f6489a5c1d8c9

    SHA512

    b4566712dc4e27182ed25705f1b93b6c7036fcaf42f0c3745038e99b4706e5800191ef98b166b1dd2d792f7257302c943313f8f2b14afda9fed225f43d9a8773

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    9KB

    MD5

    2fa11a8d349abc3789cde0cc4bae8d29

    SHA1

    9852d8d8c850dc1ad43741738371e624aaee7f72

    SHA256

    3c55e28bad11d8ebca5c4f27f758955357dfc505e0611e1f50166561cdee18cb

    SHA512

    87cac9929c705a5b2960083f5cce6edf833bb127406e348183a414d5b4ba2dc086f857e57d2a172c936f267dd56bfb781ec96e8aad199c7a5417e9263c12f02d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21442\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    9KB

    MD5

    186490538ab77ab3d26672a3c9fbb35e

    SHA1

    6f835a7c01e8117c9869c8125b1d798edbe167ad

    SHA256

    e6ec92481166d58802562c0125d6f3e0a5f0d97f6f011f23839960bde8dac5d5

    SHA512

    1820f25f597229525658ec2ba60f4e7d7fd8a015e0597c033335bbe62427e0a2d2ed59d0b244823b3ed31d2ee0dc04307c0708200ad62f9d212aafd2ed255812

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21442\python311.dll
    Filesize

    5.5MB

    MD5

    9a24c8c35e4ac4b1597124c1dcbebe0f

    SHA1

    f59782a4923a30118b97e01a7f8db69b92d8382a

    SHA256

    a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

    SHA512

    9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI21442\ucrtbase.dll
    Filesize

    983KB

    MD5

    bfc39414668264275f77188d54a36a48

    SHA1

    de45fdf2d9543a3d6eda428e1aca07f406ad2649

    SHA256

    a1d0642713935c73173d7a80680cd480de93348680104635793431dcfe94ce68

    SHA512

    657907caaf1539455efd0cb29f698605cf9a2cfc872087f782f485db25b187f986e9a0d1e3921eab7dafa4099f72d57c99259da2a7ab7240ffaada5c00f510eb

    Download Submit