Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a31944ff5c...a1.exe

windows7-x64

7

a31944ff5c...a1.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMPLATES...at.exe

windows7-x64

1

$TEMPLATES...at.exe

windows10-2004-x64

1

$TEMPLATES...cs.dll

windows7-x64

1

$TEMPLATES...cs.dll

windows10-2004-x64

1

KKJDock.exe

windows7-x64

3

KKJDock.exe

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2024, 06:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a31944ff5c7531ecddbf45ac0d864ea1.exe

  • Size

    925KB

  • MD5

    a31944ff5c7531ecddbf45ac0d864ea1

  • SHA1

    6bf457bf7f64a3cf7773f45a29ec97b2b39560ed

  • SHA256

    24d824fb3eacf87429dfc236d3c491dfaa13ed412c4aae09de1aea967f3191e7

  • SHA512

    5e099ea7b9d03d5e2ccb75bb7af5d3c4e86b85b5b65b0c050e076d4f3796f72505c15ff2224aaca4bd2295276db3b0c1a80d8ce5f66670828b7b867de1df49ef

  • SSDEEP

    24576:yL0zpn6rCMmbaD1VDd0vqdHsLS23i0iDHvJR7wGGg:bzppbMfdHwrkDHvJV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops desktop.ini file(s) 5 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a31944ff5c7531ecddbf45ac0d864ea1.exe
    "C:\Users\Admin\AppData\Local\Temp\a31944ff5c7531ecddbf45ac0d864ea1.exe"
    1⤵
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2740
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Internet Explorer\SIGNUP\msn.1nk
    Filesize

    1KB

    MD5

    7b722a71e7385eb149a3ce09a3c0f1df

    SHA1

    ba4ad65627fae5025aa92f3c83e3cd4ba20ba61a

    SHA256

    218489d7c516bf2bad7400b559f4f83ace44b3d877e97b8085fad39a43d1ae7b

    SHA512

    a7643c241b8c88cb6cbfdb39863349ff9ccb871ccf1024f64b524973430885d706b025ca70868bf33643a697cef20e3701c3ba16e89e6627d62033da4fc5fc09

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd8F74.tmp\ioSpecial.ini
    Filesize

    568B

    MD5

    e03bd8463dcc7df715857d6efebb9cd0

    SHA1

    bc8e10225ad89c46caaf3922f88a1e67af2d329e

    SHA256

    8f2b004de89630c3b16147ff3c0d466170a8a48511e6b230856fe56e00a1f499

    SHA512

    19037dcb921f201ed574bcb06c00cac8f544317e3c07c9484236770f55d6a2fe29cd3d82d4b95daf80a7e32109b02736cd1d5327a5b1ab521d77cf0a56077f7a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd8F74.tmp\ioSpecial.ini
    Filesize

    607B

    MD5

    c3c0f4b6d7bad6b34e6a11a2d46032b3

    SHA1

    e316bb750e5e31123a1325e06f227ceaff01c46e

    SHA256

    40782e9d4103936d07307efc1d85442088e4816fc4c90259cdff1e3549b5a408

    SHA512

    4cf76f60a5d89a3f365adfd15d33677fcd2f20ca4b1edddd43f8b21ac58ed9444ee4384e12ba4405c8a92b6bf50cca1ca7a1ed2128b8297d4986b86cda877089

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.txt
    Filesize

    2KB

    MD5

    52486e0b81f6a40c99d19ba34e554b05

    SHA1

    cef03ae1fa1dd5f7fe2c13c79a02b8ab3a03ea75

    SHA256

    4e5b8354b53a7b168d0d110ada0df9aff3c6342573db9ca4ee3d1aaaa3a9b5f9

    SHA512

    fafc712e1fa4810ef9a6243945e228b31cac90242539b84e51fe499d9f06bd4e78ba072ff0ee376d77cf74bd1a7fafd10f9fc73552b7b909d68c34b9d4b52b7f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.txt
    Filesize

    1KB

    MD5

    c82b2d319cc1579095733d17f85b5ed7

    SHA1

    7b9fe7f797c7a595f693ca59b9bcb45a270778f6

    SHA256

    b761b86bad761c0d9b0bbca4d83f104b5d563103ab79d3b5ddd417be3592504f

    SHA512

    c54d9972d23e3f7133316605b71bf6fbe90c11c55ebeb5213f31de529ae36e19b705c8e19023c963647d10ffc9fe36ed65c065150ee624ca3cb454c889885b42

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.txt
    Filesize

    290B

    MD5

    9a79c9e1ad63ed2e7932536570775b9f

    SHA1

    db556bc8dc2e60d0a5aef1bfba930a6fdceb7cca

    SHA256

    20badd15197ef7f52351c378a6b9204863cc114dbe1034bf86180e7e74810f86

    SHA512

    1a03b9e4696ccad4ff23c4dcacc86d633ef3dbb7e1822552dd57da9bebde444dd30882849659f5e05547ff6acb880e8a3077275c860214c0bab1f4581dd7fde8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.txt
    Filesize

    272B

    MD5

    e14f6ef5e8dc4c628fe28ac893e9309d

    SHA1

    f29803c16d3e11a196d62026279b72854c4d751f

    SHA256

    6142a68127514d4919f584a7541c242c9af5e471fcdb6065d40133439e8421a1

    SHA512

    94a23c241bd39bffc9a3eca5c9ddcf4099edbddfaafe997335ffd85825dc9e56884077768ef0cd7ae40c631489932529ea8c7d6dcfc0549c32d15d818589fb5a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
    Filesize

    528KB

    MD5

    d96eb3c463e3d79bde702cabb882d2e3

    SHA1

    952c4a91492478d6e99dc18557f02873df400a69

    SHA256

    59fa6395e5752ce5fa4d077b0174c05ffd53607b0dde03e041ff8c2a746c86b0

    SHA512

    ebe922743a26dac2c8058a77dc7805006917fa2f95b83f257b2b3d734e1d346f7d3ad460fee02d39c2399dbe2ec26b4bd20f8ccf7858f0feeb8a43c6cc5d62df

    Download Submit

  • C:\Users\Admin\Documents\backup\User Pinned\TaskBar\Google Chrome.lnk
    Filesize

    2KB

    MD5

    4135b8c2eb9095a257972b920cb02c72

    SHA1

    6604073211576259d0c0aaf8f32bea8c85a07e6d

    SHA256

    72cd880bd0a73d30ac87b62a20bf305008f398a7f330d09f067aa65a50521065

    SHA512

    a667a086aa94e0760f71e709077cb74dbd9e46ec08e94d148ad0cd2b5471c9146c57f98e08c8a7f0e83c216dff26399e7047c0a4b632604ce37f8a1e9980c615

    Download Submit

  • C:\Users\Admin\Documents\backup\User Pinned\TaskBar\Internet Explorer.lnk
    Filesize

    1KB

    MD5

    322494718bb5678ec91d176b25efd7d6

    SHA1

    3ab651f5e2da9416df68eec66fb9b68b3d944c7f

    SHA256

    4fc77508f58ac929d56b697020ebe6d05bde5de33af02b07f40ba1b6fa7ed8a4

    SHA512

    a904efefea56300e094fc14deb07624a8213d5455500a835c7992a1e86c95b0b47d465516057f5f37f1f760512748cbb371d8a53217837a3767c50b04a155ac7

    Download Submit

  • C:\Users\Admin\Documents\backup\User Pinned\TaskBar\Windows Explorer.lnk
    Filesize

    1KB

    MD5

    47b2e1c4ddd5fa161f4e7314222d7a29

    SHA1

    f8e0a57ad324aa0ce6eafcbee54361cfc3fac7a4

    SHA256

    20b9ba1869ed5d109962522c7c9a09e2675c457edd780f3723d33f9b40475772

    SHA512

    07c8e9fcc6441c45540ced17802aea9fc84197733cc13af77516813c3beb346ae2748445ae99318309cbdc2da8e69e622dd91e658b7e9ba27d424eae6f5acf1b

    Download Submit

  • C:\Users\Admin\Documents\backup\User Pinned\TaskBar\Windows Media Player.lnk
    Filesize

    1KB

    MD5

    a55b70c438f73430a1b2a6a7798a24bf

    SHA1

    7c95e05538769f1e0b638f95fa77e56874b943d8

    SHA256

    53f93cc325f34015d46b25bd53c47d2d23cd1bb585df1071417cb67e5915b84a

    SHA512

    01229de420176d6222a179f584e5a05f4ab74dd08fc9b583837cfdd10fda1007a9ae19859c139b25c89e08ab55a706ae5f0c0644c71ad1d910ec10687ef21602

    Download Submit

  • C:\Users\Admin\Documents\backup\User Pinned\TaskBar\desktop.ini
    Filesize

    211B

    MD5

    e11e5a356fe79a77992baf3c6bedba79

    SHA1

    9e3eb3b6ddda8664dc17e3140223be3a0ef41fc1

    SHA256

    e9bbc871326524376aff5aa95076f6562d8416bb94876ed4e6d5668c3c20b1ac

    SHA512

    ec7f3ecc14fcab007033bf0743b9f83c8c558a0b4e6e7de490ab1021a1dc447e0f41c2c859b5e8f7fe76d9095518f643dd59be972b6760e63bd71916749d3fc8

    Download Submit

  • C:\Users\Admin\Documents\backup\desktop.ini
    Filesize

    221B

    MD5

    98f06d1ff12463d6501ed8632c175f09

    SHA1

    dcf02254aec6a9bba2109d794d8588ae360edffe

    SHA256

    904fd61710a5a3121fd23bd1de0ed56e9bcf435d643737a07b76aac9ec450b6b

    SHA512

    c9cd8f4f6be5f057dce79795bd59f2bd8e1fc74a8c960f83cac8f2587591cf0f5caf31cc3d093184c560bbc839154dcc835061c0a99d8fb153b99286a933fca6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd8F74.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    0dc0cc7a6d9db685bf05a7e5f3ea4781

    SHA1

    5d8b6268eeec9d8d904bc9d988a4b588b392213f

    SHA256

    8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c

    SHA512

    814dd17ebb434f4a3356f716c783ab7f569f9ee34ce5274fa50392526925f044798f8006198ac7afe3d1c2ca83a2ca8c472ca53fec5f12bbfbbe0707abacd6b0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd8F74.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
    Filesize

    44KB

    MD5

    7c30927884213f4fe91bbe90b591b762

    SHA1

    65693828963f6b6a5cbea4c9e595e06f85490f6f

    SHA256

    9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

    SHA512

    8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

    Download Submit