Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

07297e833c...66.exe

windows7-x64

7

07297e833c...66.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07297e833cc07c21d319b8020b769166.exe

  • Size

    1.5MB

  • MD5

    07297e833cc07c21d319b8020b769166

  • SHA1

    fa6f4737fcd1daf68a32b497e21709e0dc7c6200

  • SHA256

    79fc9df9125a9e81c45ddb3a52801a41305287f5fc804dfbad538a36ee830cbc

  • SHA512

    4245aa7e35c14c3fc5d25832b842ee79de9584b7c7c2a9671af490030ab8b8c12595cda4a6fcbc3b2682c4cd1f6678098145280f9807b8be5ea132f83bc56066

  • SSDEEP

    24576:j2VydjNC8iVYyhy7LIxO/Ia0+ZlxRxB7Yc9F0u1mHSTmza3n7F6A35UYv:dM8YhyvSO/KU7+EF0Amyzn74Yf

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 26 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 12 IoCs
    installer
  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07297e833cc07c21d319b8020b769166.exe
    "C:\Users\Admin\AppData\Local\Temp\07297e833cc07c21d319b8020b769166.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\AppData\Local\Temp\gtop353.exe
      "C:\Users\Admin\AppData\Local\Temp\gtop353.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:860
    • C:\Users\Admin\AppData\Local\Temp\Setup_TheWorld_1.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup_TheWorld_1.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Setup_TheWorld_1.exe
    Filesize

    759KB

    MD5

    3e64baa04a3ec575d428977c7a333c25

    SHA1

    8393f05414bb9992dcf03dbdfd26ea02a31fd8ef

    SHA256

    d2a9033d36b4f9955bd413b8999763a078b58a60b7459657ffe072bdc885dbf9

    SHA512

    200082c9502c0c91eb3e393311f0e3a9bd06da33272987b3c7b0e85a1bfe32e86637efd8956f2472ab71d23dc385568306d44434d55910c14c81800e63d37a3a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsyEC1.tmp\ShellLink.dll
    Filesize

    4KB

    MD5

    073d44e11a4bcff06e72e1ebfe5605f7

    SHA1

    5f4e85ab7a1a636d95b50479a10bcb5583af93f3

    SHA256

    b96b39cb4ad98f4820b6fd17b67e43d8d0f4b2667d50caa46eff44af245d75bb

    SHA512

    e9f99b96334764ae47aa026f7f24cfb736859a9131bd1c5ec7e070e830b651787f49910911f82e4ade0dc62fea0ad54ba210b07e44830eb2be6abb710a418a98

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Setup_TheWorld_1.exe
    Filesize

    278KB

    MD5

    6ec0468c6fc6e8c9b76f62a521684eb0

    SHA1

    4995e15ac6500f75fb2ecfaaead297b0cd880bfa

    SHA256

    aec60b0884444687d7427ef4dd03cc012bd8934a633f6033a5d9bd4131d884e4

    SHA512

    ef150b9ce3b7cbf68fe31a7c2da91d66d064072bf65307a3cb92c9eeec5dce227a7ed94523d8ff751a601db6f6f99503c6f52cc269ed45286e2a5effcc590d0a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Setup_TheWorld_1.exe
    Filesize

    376KB

    MD5

    9144ffae188142764a4111f3e889a203

    SHA1

    2748061ecf138405f62eed148c11394d005a1d77

    SHA256

    688e8ccfd220701de991aed92dfc0a825cfa3279982d4c5e2870d8c53fd24a95

    SHA512

    40e272fe610e2d28d8abb61c41040651de0ab726b07a51f63c7ee5f79a379f7f049faa38e67095e6774a8989e8e813eea749a1a3294633a8112b8567c2fa6f8a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Setup_TheWorld_1.exe
    Filesize

    344KB

    MD5

    82829e643d763bba91a5e1686e4977cf

    SHA1

    7a2012c36f548fc81b08f54b649b078b5ada2d95

    SHA256

    3763a8c6a4ebd5f9837c424b5e5db17d7c41971d94fac8307af344ad88e6c8ca

    SHA512

    35f60e00f380055a5629d7872757b82ead36284e0a74542829127b9b56c5674cfe9e8ef9bdfd450b91f15bc39c583ee6bd36b9a1922fc50f766dd291749b51e8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Setup_TheWorld_1.exe
    Filesize

    116KB

    MD5

    868d9a94db02c8b84793ff10f2c37bee

    SHA1

    5d2af69c19deeb9842e2f1e340bc3bd0827f944d

    SHA256

    7e8a1f3312b81c49c7607fca3c9ab796029ad0f7cfb7858a4b0854dc1197dfbd

    SHA512

    67cb3b917187f635b2bff4067d3c5a4b87f246e4f641b46e2f0cf65c7035d33689bc833aa1fcd317c5c326a884d2c661dc2f34660dd53ff6a66b3891675cba76

    Download Submit

  • \Users\Admin\AppData\Local\Temp\gtop353.exe
    Filesize

    765KB

    MD5

    920f63a72d747a1f26dde0691529fccf

    SHA1

    250bbd495d09b6d132fac6f5e71cf30c18563531

    SHA256

    31fd7a30fec9397d5c14775af5bcaadd38200ade22eae8d212fb4763c2cebd19

    SHA512

    6d82bdd646391690b3b151127d7843bc1588eece79128c55cf256ae13ab765f03b0cc4cabcee6a5c8af3c5a526f2b30c4432bfe07844742823666f64263362bf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyEC1.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit