Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

CreamInstaller.exe

windows7-x64

CreamInstaller.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    34s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/02/2024, 20:37

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    CreamInstaller.exe

  • Size

    144.0MB

  • MD5

    67559b62234c7e272dbd3e9d07a8fe97

  • SHA1

    62a923368ca16a2f7dc1390d048bf9144cf67b6d

  • SHA256

    c5e2a4c45741ceb60b85a9c0ab9d8746b01e501a1fc0dc5676f16ee715da8da2

  • SHA512

    109d3286ea8428732ce8d004fd4c6c3c8947ef8415a18568f1f50552a4bac8895da3951d8ac0a1a92a2caf3793b6cc38333e8da7c745b512b43a82b010a11c41

  • SSDEEP

    3145728:zRvXeFQb3jdH0ltZnUoHlClgmXRWbBAwB1XmRSTCRS8Y91EeC:NvdGjJF+g3BAk1WIeoeh

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 15 IoCs
  • Suspicious use of SendNotifyMessage 14 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CreamInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\CreamInstaller.exe"
    1⤵
    • Loads dropped DLL
    PID:1908
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2168
    • C:\Program Files\VideoLAN\VLC\vlc.exe
      "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ExportEdit.aif"
      1⤵
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:1804
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x0
      1⤵
        PID:392
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x1
        1⤵
          PID:1832

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\CreamInstaller.r2r.dll
          Filesize

          17.7MB

          MD5

          fb5944bf00d702b7d3befd816cee21f2

          SHA1

          343a9277218ba9b87e3cbdaead0ed1eeeb48aa03

          SHA256

          d2257aeb99f980bb251be8c563eecc9da94fb2a36e2da38d3c6d447f29f9bc29

          SHA512

          b269828d83ab117cdb009ee2db9d8de72a6b515eaa297ca07e1747060b7463bdf803e81b76f488dcbcada8dec12ac0d9766889a29effbdd2788865d9f1a9917b

          Download Submit

        • \Users\Admin\AppData\Local\Temp\.net\CreamInstaller\C+9a07dbA1nxS4LRs0bWjK5lQ40y214=\System.Private.CoreLib.dll
          Filesize

          4.5MB

          MD5

          eafcfa0edd0ffcde7f5d7c65f1a4f49b

          SHA1

          54c1d9a439185b2717d2bfa0144bcca1b22d7b42

          SHA256

          3ccb0b292cb85bf67f28095640196ae0918fb8c5f65675c492abefdcf7abd6e2

          SHA512

          6c22b43f5abc98ab4cea68b38bdd80fc3158d8028f57794ee65e2b779afb95cbb13f55b014880ef367f0fb5972a2a42dcedea8163476bb0f418312dc3e4fcbdc

          Download Submit

        • memory/392-499-0x0000000002E10000-0x0000000002E11000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1804-494-0x000000013F7F0000-0x000000013F8E8000-memory.dmp

          Filesize

          992KB

          Download

        • memory/1804-495-0x000007FEF5AC0000-0x000007FEF5AF4000-memory.dmp

          Filesize

          208KB

          Download

        • memory/1804-496-0x000007FEF53D0000-0x000007FEF5684000-memory.dmp

          Filesize

          2.7MB

          Download

        • memory/1804-497-0x000007FEF37A0000-0x000007FEF484B000-memory.dmp

          Filesize

          16.7MB

          Download

        • memory/1804-498-0x000007FEF2990000-0x000007FEF2AA2000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/1832-500-0x0000000002A90000-0x0000000002A91000-memory.dmp

          Filesize

          4KB

          Download