Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

86dff32b3e...b1.exe

windows7-x64

7

86dff32b3e...b1.exe

windows10-2004-x64

7

$0/uninstall.exe

windows7-x64

7

$0/uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$0/zwankysearch.dll

windows7-x64

1

$0/zwankysearch.dll

windows10-2004-x64

1

$0/zwankysearch.exe

windows7-x64

3

$0/zwankysearch.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    140s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/02/2024, 12:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86dff32b3e21a5776c9be016bbc070b1.exe

  • Size

    698KB

  • MD5

    86dff32b3e21a5776c9be016bbc070b1

  • SHA1

    d80a3ad913c4c386dbbc2aa4fe2edeb6903747cd

  • SHA256

    0c738afdcc2ec1839c6bb3238f43160afc68cda566786a3aa82545d1a0bc06f1

  • SHA512

    ca6919a1e12f841b7f6ccd5fb172f05ec7588c5d9ca51e63511f78222e919f942af6edb7e3dbb3a797942b1f7407eac3dbaf0e92edaac2a18ac308abcb603ad2

  • SSDEEP

    12288:pcRIX6vUw7DnVuMySoNlfdjtBoye40LIYppleoVNVJqVhRdHi4+htxN3:p1XoZ4Nl1jLoye40kKWVhRhKxN3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\86dff32b3e21a5776c9be016bbc070b1.exe
    "C:\Users\Admin\AppData\Local\Temp\86dff32b3e21a5776c9be016bbc070b1.exe"
    1⤵
    • Loads dropped DLL
    PID:3348

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsoDD42.tmp\InstallOptions.dll
    Filesize

    13KB

    MD5

    d765c492c21689e3d9d61634371fd861

    SHA1

    ac200933671ae52c9d5544d0e2e8e9144d286c83

    SHA256

    551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    SHA512

    9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoDD42.tmp\System.dll
    Filesize

    10KB

    MD5

    fe24766ba314f620d57d0cf7339103c0

    SHA1

    8641545f03f03ff07485d6ec4d7b41cbb898c269

    SHA256

    802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    SHA512

    60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsoDD42.tmp\ioSpecial.ini
    Filesize

    758B

    MD5

    1bb7373b3e4f03a3f8210678506314d7

    SHA1

    f430fa74d27b6dd5e0aff7ee02cabc855e02a46a

    SHA256

    c260968a817b23b162d03eb00080e8719ceec6e8e36488486eebc6f2a528d24c

    SHA512

    41d7b98a1942746b477fef8637c5a2d155f5e0df4832354bea0c6264cba0c6c04866b34aa28ba372c9e0860fc5b38db923a20d0bbcfb65b2086346fc16ae7609

    Download Submit