Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

9155a190fc...de.exe

windows7-x64

7

9155a190fc...de.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

OfferBoxSetupES.exe

windows7-x64

7

OfferBoxSetupES.exe

windows10-2004-x64

7

OfferBoxSetupFR.exe

windows7-x64

7

OfferBoxSetupFR.exe

windows10-2004-x64

7

OfferBoxSetupIT.exe

windows7-x64

7

OfferBoxSetupIT.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05/02/2024, 06:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OfferBoxSetupES.exe

  • Size

    173KB

  • MD5

    cc93e3b445129a7fdeb017e790b7bce5

  • SHA1

    bd0df8d3f5a26082723689f2e01bb451fb5b8384

  • SHA256

    e796ca74ca89994fb41cee2ee9f31bffe2a2c6f6976b1590eda75150b09a618e

  • SHA512

    9e9b624f8b2f0a519c9252cba6f51d340d89d4b6128da969410a3c8a93213cefa03cceb932944b632d917e170ac5cfcba0d9f2effb6da1c469f6ffd9bfdcd03d

  • SSDEEP

    3072:9br1YUfD6mJL3Zop4PKXSjUtpfhvQhJuyyf2vtDXIMtb:9u4ZoyPOvQruyz5Rtb

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OfferBoxSetupES.exe
    "C:\Users\Admin\AppData\Local\Temp\OfferBoxSetupES.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nst5E28.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5b84d250794433db5a2d26f34699dd9

    SHA1

    bc06abccf6a4783973ec11b6766b43b4a265820c

    SHA256

    96f3357a024c549d7cb9e6447b1a56a2a8029b4f12e6e597428e68620761c5e0

    SHA512

    121d67f85a24096799ed913dccb64ef65d9479f98a6d88c2a0e05f05a65f460d557c5fdfe2c42a0a61b9cbaedd9b7031978111a2713250a89848ab4f3bb4ce84

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst5E28.tmp\NsisPluginOB.dll
    Filesize

    237KB

    MD5

    9a2c7ab58d5d899e1caeed29fae7b79c

    SHA1

    c44f98ef9e1f10dbfc6f5136a8513f59baeefe01

    SHA256

    b5a951a91ab8a79d26359024a9ee6ca347e9bf6e7a4af4b8ccf6a929096700df

    SHA512

    dbf7de0446e929b83b63d4fe6020e872a39e8c1a75fac1fb6ec2282cf9c07bd85f0f249d980299f3bf990dc9e4bfe6a81d06839fbf9d2832381a0f4a894762bc

    Download Submit