Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

47dad07533...49.exe

windows7-x64

7

47dad07533...49.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/01/2024, 03:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    47dad075332038ed55828351e4e8de49.exe

  • Size

    4.2MB

  • MD5

    47dad075332038ed55828351e4e8de49

  • SHA1

    50dc149746a201b9e07d0546a61aa591a1674832

  • SHA256

    f0bd4a0ba05a758667f784efcef889e4f3d30666c85128dc58d4df7f6462441a

  • SHA512

    a4ccac31a75d981e742bab3f8105de452d2d7efe4b12ab14b40f9c106b08b1ed9ad32fdd578693c41e4fa275755700bcc8146a28cb47fa701cb26b8c2fe6bb01

  • SSDEEP

    98304:wIAzxtNeRQRIEmJji0bGwZ3qh9nM9kSCEWFddJVbJ:wDtHei0bGwdqh1lSCPFdvdJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 14 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47dad075332038ed55828351e4e8de49.exe
    "C:\Users\Admin\AppData\Local\Temp\47dad075332038ed55828351e4e8de49.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2772

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso5D1F.tmp\ioSpecial.ini
    Filesize

    648B

    MD5

    ac77e2c9dc26a53fe0d9297d1e3291da

    SHA1

    446ffc9f2ce33be352a89d9760260cf981b22ab5

    SHA256

    d0732eded8307e497dd5bc5836ef82f33a2c1316e7a7114a80c4015f56f7e0e1

    SHA512

    e8cced1eb7922dd7a5730b3b739f8d443c04174dac496d45045689d7eceb8f576240be7bf9e1034184a3768f8863f77274afa703b6c1dd8799eb3f9fb77f76ee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5D1F.tmp\DLLWaitForKillProgram.dll
    Filesize

    28KB

    MD5

    9c4b8ec42d89f7557bfd90798ce52787

    SHA1

    2376dde426ea65aa27c30e304086310605382475

    SHA256

    ed52bdad7b383a179b9b0e21fefdda2d72695c5263a815d5e1e0bfac6c718548

    SHA512

    17c12a27a08746755868558c037376dd7e20f03f0f71888c1329903b70975a54f57786c3c32bf88aaf30119f11ed978a6830ba91949e11cfc94fbb5ad95305b7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5D1F.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    eef9e469e8a30717974499f277d97e2a

    SHA1

    2d33c25984ebd9116beeb55cdde4c5c86c023e5d

    SHA256

    1f35bb6728237483c779005fc227e69fef51b0bafd32d15855d483948a337078

    SHA512

    d860132106a1c03dfa23f983b3c503f1216ac02f3d47833b96dfb333fb30bc8ab4d4fecd1f1f0a89f0c7f3586405461e2d53c26f282bb48970e549659b364b48

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5D1F.tmp\IsVista.dll
    Filesize

    44KB

    MD5

    344d13fd0fdd2d97e8d61960f40a8a30

    SHA1

    3f0f120203005eea3e8ed1652a6ea8a607ea934d

    SHA256

    17bb3331e2300aa01666fbee98b9552cec5e46212a4c5a340c0370b93df88f83

    SHA512

    b4e49c58503532e270cc369f1cbd14d85edd46da5ab034dad730bd4297887dd541d445d2fbf205820e6afbbdba7ab6d5b78b694467554320fd6db8e06fe4f719

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5D1F.tmp\KillProcDLL.dll
    Filesize

    36KB

    MD5

    6958016193a066833556992077bad4fe

    SHA1

    5f564945936f99381d7e2408f034f97d069005a4

    SHA256

    f38c669c87f2a73768a27a01622690997e9d93d5ca3830b349bd24c3ff9f8d2e

    SHA512

    fd6ab5c341b331b80c940ba97a2cd14547c796933a2df26d3dd87ede1602b86d9f8c37baebd7dd4c68d811199fc96a27ad4cb995bb8889d51af91db9f43ba0a7

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5D1F.tmp\VaccineTreeMsg.dll
    Filesize

    40KB

    MD5

    8ed31d5e359ff96bd050b50a4032e7cc

    SHA1

    d0bdb6586d14787f22f72986c7c4ad2e565a4205

    SHA256

    c880ddf653469608af56a06666d73a8b45def1a17d88bc02a03217290222e8d8

    SHA512

    c3cb518d1a622264f8f839078338c47257e67b8e269c35758f3ea672104d17b792dc0aa9dd0782b3745b8935418944555f854fa4c7ed157dfdd7db55bf621166

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso5D1F.tmp\stack.dll
    Filesize

    10KB

    MD5

    0f61a81a543822de5fcb9a8a43f230dd

    SHA1

    d01d4a0f542f3c654637fdfe5a574fe1f150ece1

    SHA256

    46b4a72ae8590b0afb3304cc5c13db0502bc4c4cb02f64f37c79008c17db814f

    SHA512

    596b7a897ba64c32e26ba6168aa3628aad37b187a9814a286298307d8c42eabf8e8a679dbda558f8b2cdc8676c94ec819256432aa5ad7c05a5387759262a4402

    Download Submit

  • memory/2772-56-0x00000000002F0000-0x00000000002FC000-memory.dmp

    Filesize

    48KB

    Download