Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

6

_850A9CE91...92.exe

windows10-2004-x64

1

_85775FE8A...C0.pdf

windows10-2004-x64

1

_857C1A063...C.xlsx

windows10-2004-x64

1

_861C5A066...68.jar

windows10-2004-x64

7

_874D15677...9B.jar

windows10-2004-x64

7

_8799F7153...1D.dll

windows10-2004-x64

1

_88ECC22CD...A.html

windows10-2004-x64

1

_89C4639AC...1C.jar

windows10-2004-x64

7

_8A4455BF4...A8.dll

windows10-2004-x64

3

_8A902ECF1...DD.jar

windows10-2004-x64

7

_8AE3EAF93...D.html

windows10-2004-x64

1

_8AF2F97B5...AF.jar

windows10-2004-x64

7

_8CAD92531...44.jar

windows10-2004-x64

7

_8EFD210D2...6A.jar

windows10-2004-x64

7

_8FCD084FE...B4.jar

windows10-2004-x64

7

_903967F51...E1.exe

windows10-2004-x64

1

_90FA1CB64...2.xlsx

windows10-2004-x64

1

_919844873...8.xlsx

windows10-2004-x64

1

_93B373EF7...04.jar

windows10-2004-x64

7

_93E97C33E...00.pdf

windows10-2004-x64

1

_9420AD2F9...80.jar

windows10-2004-x64

7

_94221BE39...A.xlsx

windows10-2004-x64

1

_9452A5808...0.html

windows10-2004-x64

1

_94C8A56AF...BE.dll

windows10-2004-x64

1

_94DF584B0...86.dll

windows10-2004-x64

1

_9582D6BA5...D.xlsx

windows10-2004-x64

1

_96AA03667...22.dll

windows10-2004-x64

1

_9752D5615...DA.dll

windows10-2004-x64

1

ISSetup.dll

windows10-2004-x64

1

StepOne So....3.msi

windows10-2004-x64

6

instmsiw.exe

windows10-2004-x64

7

setup.exe

windows10-2004-x64

7

Resubmissions

29/12/2023, 08:01

231229-jw3ndsgah2 7

29/12/2023, 07:56

231229-jsp8wscgfm 7

Analysis

  • max time kernel
    474s
  • max time network
    503s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2023, 08:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    instmsiw.exe

  • Size

    1.7MB

  • MD5

    61a5fb191ae2ae876db31dcce75e4183

  • SHA1

    751669c38b666c7435b2a65a5c6fe40435d59aaa

  • SHA256

    b93fdcd1136faa9a8cb73a329b2f1f5f430a150ddcec35de916e3a1539f09351

  • SHA512

    76ed473ff370255e7b09a931c10e1aea7d9d84b4655d85e9ad28faa5f143bb9063c363829a28614fb89cd00c4755e825268123e5f6f4849a0db9328297811ffc

  • SSDEEP

    49152:OFxErb1F2gqQF6d8RrycC51DtuoIwgpXIfWzbnoP2qDAV:2Gb1FLqQF6dWry//DthQiooP2qDAV

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\instmsiw.exe
    "C:\Users\Admin\AppData\Local\Temp\instmsiw.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe /i instmsi.msi MSIEXECREG=1 /m /qb+!
      2⤵
      • Executes dropped EXE
      PID:1948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\msiinst.exe
    Filesize

    51KB

    MD5

    a6312824f6abf5dd300b2f321d251f5a

    SHA1

    d33f361232373c0092721bff9093f5cde6eebfc2

    SHA256

    f714271380241db1825d0762e4895d8640205e55e50bafc7b141def5bc1afd6b

    SHA512

    78ad9fbfb0b6d5ecd4b2c56e54b7c46fd80bab685a28a4c2aff11f21417d379728ea3b3be97222c44e09037e19be50110bba1dd7b350659fd22f0913cbc56af1

    Download Submit