Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 06:02

General

  • Target

    0a1690fce98ef60a3f10594eb4aa96d8.exe

  • Size

    958KB

  • MD5

    0a1690fce98ef60a3f10594eb4aa96d8

  • SHA1

    184acd1cce2015a9746a3e92bce86080415475c7

  • SHA256

    37ea0f625b2e86a3107aad9bfddb78ca5256e548a68cf5b449801c3fc33a7e77

  • SHA512

    f365120c7c7e35ef4afd3e118ed98e274240fa54fddf886ea92bad3f5e73464c9895b25faee163efa3efb7034b41edd7614d98cc634412cb68d0abff6e238bb3

  • SSDEEP

    24576:VsudcT9g4JTOMwufW/z7aUGX7BLw1SZ7l1ZL:6uiTSUaf7/z7kX7aA7B

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a1690fce98ef60a3f10594eb4aa96d8.exe
    "C:\Users\Admin\AppData\Local\Temp\0a1690fce98ef60a3f10594eb4aa96d8.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2924
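The "Loads dropped DLL" signature above fires when the sample (PID 2924) loads DLLs from the `nsd87A.tmp` directory it created under the user's Temp folder. The following is an added example, not tria.ge's own detection logic, showing how the same pattern can be caught from endpoint telemetry: correlate file-create events with later image-load events from the same process. The event records are constructed to mirror this report (paths, PID and DLL names from the page); the tuple layout and the `is_user_temp` heuristic are assumptions of this example, not a Sysmon schema.

```python
"""Added example (not tria.ge code): flag a process that loads a DLL it dropped itself.

Event tuples are constructed for this example as (event_id, pid, image, target):
event_id 11 stands for a file-create event, event_id 7 for an image-load event
(the Sysmon IDs for those event types; field layout here is this example's own).
"""
from collections import defaultdict
from pathlib import PureWindowsPath

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\0a1690fce98ef60a3f10594eb4aa96d8.exe"
PLUGIN_DIR = r"C:\Users\Admin\AppData\Local\Temp\nsd87A.tmp"

# Constructed telemetry mirroring the report: PID 2924 writes files into
# nsd87A.tmp, then loads two of them as DLLs. A system DLL load and an
# unrelated process are included as negatives.
SAMPLE_EVENTS = [
    (11, 2924, SAMPLE_EXE, PLUGIN_DIR + r"\ModInstall.ini"),
    (11, 2924, SAMPLE_EXE, PLUGIN_DIR + r"\bigbox.bmp"),
    (11, 2924, SAMPLE_EXE, PLUGIN_DIR + r"\InstallOptions.dll"),
    (11, 2924, SAMPLE_EXE, PLUGIN_DIR + r"\newadvsplash.dll"),
    (7, 2924, SAMPLE_EXE, PLUGIN_DIR + r"\InstallOptions.dll"),
    (7, 2924, SAMPLE_EXE, PLUGIN_DIR + r"\newadvsplash.dll"),
    (7, 2924, SAMPLE_EXE, r"C:\Windows\System32\kernel32.dll"),
    (7, 1337, r"C:\Windows\System32\notepad.exe", r"C:\Windows\System32\comdlg32.dll"),
]


def is_user_temp(path: str) -> bool:
    """Heuristic (assumption of this example): path lies under a per-user Temp dir."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return "users" in parts and "temp" in parts


def find_dropped_dll_loads(events):
    """Return (pid, image, dll, reason) for every DLL load worth a look.

    reason == "dropped"   : the same PID created the DLL file earlier in the stream
    reason == "temp-load" : no matching create seen, but the DLL sits in a user Temp dir
    """
    created = defaultdict(set)   # pid -> set of lower-cased paths it has written
    hits = []
    for event_id, pid, image, target in events:
        key = target.lower()
        if event_id == 11:
            created[pid].add(key)
        elif event_id == 7 and key.endswith(".dll"):
            if key in created[pid]:
                hits.append((pid, image, target, "dropped"))
            elif is_user_temp(target):
                hits.append((pid, image, target, "temp-load"))
    return hits


if __name__ == "__main__":
    for pid, image, dll, reason in find_dropped_dll_loads(SAMPLE_EVENTS):
        print(f"[{reason}] pid={pid} {PureWindowsPath(image).name} loaded {dll}")
```

Caveat for triage: an `nsXXXX.tmp` directory under Temp containing `InstallOptions.dll` and `newadvsplash.dll` is the plugin staging directory of an NSIS installer, and loading plugins from there is how every NSIS package behaves. This rule therefore identifies installer-style behaviour, not malice by itself; the 7/10 score here rests on generic signatures (dropped DLL load, drive enumeration, GetForegroundWindow spam) with no network activity or extracted malware config, so the hit needs corroboration from what the dropped files and the installer script actually do.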

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd87A.tmp\ModInstall.ini

    Filesize

    1KB

    MD5

    5fce9576f7c14cecd34cc5c29937ec87

    SHA1

    d3566e62fe57fd1b60fdc4913ab076924f5711f7

    SHA256

    5adbea33aef955293eeccaee4fff33c1440d9a7ffa98dc375be8b7ea48873040

    SHA512

    3b15bc1ff7d60c61e5c86fe925744305713e2d0e083c809653c691d2a2233f0bc9f7e6dd5ac4bb68e805e254c50c93b1c443026a09a481088036fcbc7a38fa36

  • C:\Users\Admin\AppData\Local\Temp\nsd87A.tmp\bigbox.bmp

    Filesize

    124KB

    MD5

    df10c8d74026651350999607d64a19dd

    SHA1

    59db7bb70558fda4fbe79fafa9647c4e9f5e94ef

    SHA256

    906849e14e9b6d0d1d4928d0018a763da4391ff3a4d9cdf9fc05c7f55a3d742b

    SHA512

    1967fcaaa95499943aeeb2a77e9dd62c1dc2116ead3e779d39b1c297a01235dcd2772cab7169a2802e7f48c9f671a156ed2a301343278775636117aa4943a7b5

  • \Users\Admin\AppData\Local\Temp\nsd87A.tmp\InstallOptions.dll

    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

  • \Users\Admin\AppData\Local\Temp\nsd87A.tmp\newadvsplash.dll

    Filesize

    8KB

    MD5

    7ee14dff57fb6e6c644b318d16768f4c

    SHA1

    9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce

    SHA256

    53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7

    SHA512

    0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f