Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel: 119s
  • max time network: 124s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 26/12/2023, 09:24

General

  • Target: 638cfffa2f94398eb16021ca6c648c45.exe
  • Size: 473KB
  • MD5: 638cfffa2f94398eb16021ca6c648c45
  • SHA1: c2288c84485071db0f6a29bf29d5b72964999325
  • SHA256: ddf29aa7c938c9118f9675c2ce6d3ba08b22b80c38052a34219afa0a341c43f9
  • SHA512: 87f2a3876c2fe5129e551c09a4ef3572040d6cca4122bb7926d2be9b5fecc7e27446ca01aa00ba95750a057e79e58eb4ac048c059a3c09968540c12e9aad459f
  • SSDEEP: 6144:+CKXw5Z8lU2wqdIsw1NbzbeNrk2z5lFaZf21L9m7zPGXJRPm/vLv1WN1yNr1DBKU:+XEotwq4X+ylOm7eJRPmpnNrKVUqLmiA

Score: 7/10

Malware Config

Signatures

  • Loads dropped DLL (3 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\638cfffa2f94398eb16021ca6c648c45.exe (PID: 1688)
    Command line: "C:\Users\Admin\AppData\Local\Temp\638cfffa2f94398eb16021ca6c648c45.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy4857.tmp\ioSpecial.ini
    Filesize: 706B
    MD5: deb4d2c0e1f6200e92a6934f2a0a5e61
    SHA1: 14519e674c4ecbffee6dadffaf6818c0f0bfe7cc
    SHA256: e2b6ae5e6b9ca7cb955e9d44bc831c276ca7b7b4d8181d2626e7f5c31c2474c6
    SHA512: fa56a3fb0be713fd729160c9b4e2d04bc1e063cfabec18130aab06dfa18a18ac9dfa85b451e87ee2713f373ce3667d2782530c659d58a78de894f46ad7431e5c

  • \Users\Admin\AppData\Local\Temp\nsy4857.tmp\AdvSplash.dll
    Filesize: 6KB
    MD5: c16e99e77b8e9a4ac4621ee85527c727
    SHA1: d527d14dcc209c485b6979166eef83ec1a8c6e4a
    SHA256: 3caa4b6585ce3fdbf4229878aab77c30af507691153add91aabf7404b3c99b7e
    SHA512: 590c1b5a55b91a3f6df388363132d9560a5fc09f5e3d5c440b3939660a777c6d1cc69df9d696b73545d95e70fca8616193c162cd086b3757e82e0e1d129ae765

  • \Users\Admin\AppData\Local\Temp\nsy4857.tmp\InstallOptions.dll
    Filesize: 14KB
    MD5: 9b2ad0546fd834c01a3bdcbfbc95da7d
    SHA1: 4f92f5a6b269d969ba3340f1c1978d337992a62c
    SHA256: 7e08cb4ff81dbb0573c672301681e31b2042682e9a2204673f811455f823dd37
    SHA512: 5b374fe7cc8d6ff8b93cfcc8deae23f2313f8240c998d04d3e65c196b33c7d36a33930ffd481cdd6d30aa4c73dd2a1c6fe43791e9bf10bd71b33321a8e71c6b8

  • \Users\Admin\AppData\Local\Temp\nsy4857.tmp\LangDLL.dll
    Filesize: 5KB
    MD5: e79062d4e5969b67241a96bad058dd07
    SHA1: 67adf76bc6718e87633ad2669119a4cfac71fb5c
    SHA256: 7e49f8b791231c84e80eee56c5dfe8ee6feabe7fb6efba2c30a1ae1621c9e509
    SHA512: 6269f26ee92a7576e8e17b156cf2cf90c862c007c684a44e55194d2aef605de5304b9e7822a001db477bc672c52db4e64db7f02e4684488705d594698035a0ed