Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a31156b8d8...eb.exe

windows7-x64

7

a31156b8d8...eb.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

LinkCreator.exe

windows7-x64

1

LinkCreator.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

eMule Light.js

windows7-x64

1

eMule Light.js

windows10-2004-x64

1

eMule.js

windows7-x64

1

eMule.js

windows10-2004-x64

1

emule.exe

windows7-x64

1

emule.exe

windows10-2004-x64

1

lang/ar_AE.dll

windows7-x64

1

lang/ar_AE.dll

windows10-2004-x64

1

lang/ba_BA.dll

windows7-x64

1

lang/ba_BA.dll

windows10-2004-x64

1

lang/bg_BG.dll

windows7-x64

1

lang/bg_BG.dll

windows10-2004-x64

1

lang/ca_ES.dll

windows7-x64

1

lang/ca_ES.dll

windows10-2004-x64

1

lang/cz_CZ.dll

windows7-x64

1

lang/cz_CZ.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2024, 06:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a31156b8d80a68e8f4354c63e0747beb.exe

  • Size

    3.2MB

  • MD5

    a31156b8d80a68e8f4354c63e0747beb

  • SHA1

    185705e7d217132a104dc3f4ee12a72c7e8749ce

  • SHA256

    28411261cb3f27081f910190d1c7742fb805185430af10131d5b39fd2e39c832

  • SHA512

    33db65bf69a721be613316b729c06137ae4f323314b707f591b09f06f10dab2643f36742a457d04b5816e6e2aa795d78f01987ca173bd4ed0f0845279d2c96eb

  • SSDEEP

    49152:a9r/Wx+GhZdsM+1GfhXM5uOMkbKH+1Ma6h2ZoHrkQb7MOBIfn2vrPLuG:ASgsdiM26+1MaO2iRTIv2vrjp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a31156b8d80a68e8f4354c63e0747beb.exe
    "C:\Users\Admin\AppData\Local\Temp\a31156b8d80a68e8f4354c63e0747beb.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2100

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst1382.tmp\ioSpecial.ini
    Filesize

    692B

    MD5

    91a2e6f3ee4e577c8e9e4a2b2f33f670

    SHA1

    daa513d801a465e093dca68ad2f627e57fe96c8b

    SHA256

    db94636e0b441d5fe1a878cc00cac7924272db1799e41ed72cbf75c0c467e6b9

    SHA512

    51ded982582326af55dce8e2ddafcd7cb4670e3a35d423e14576e9edc642f01dd25620f5d598a20b86c5f5920071f8367e35ab713d3ea7cab3fd5b56ccc62d81

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1382.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    14c212bb2fa90fe52a6424b955c86ad6

    SHA1

    9e94f8ad17ff9b6b31e5f029ee5f726e307ac8ee

    SHA256

    1854afccace3053dca2707b10609ea78a30f0ee853bdb9f251c076317ee53120

    SHA512

    d42fa579f93b98d1446daf3d0734c19838fa310ef27cd05344e25d9f86ba37a5fa1752236e5de4df7c9f414236538bd7431bffda126fb9c74fd112539de0e713

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst1382.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    7e856702410e5598296a9c056c273db2

    SHA1

    1711125771f4e364717079aae5e4419ac3d69a5d

    SHA256

    394d7d46b5e1ea621cfcc4f0bc8609d5ad8d42074186cddb737f3abe10874403

    SHA512

    34ae337e44a5ce9dd17e4c726977f895b90614e02df09d9db46d7e6905850b05b44a4951508c07272acc2683454c1bc949ee1f83e14592e7400bdeae2033c886

    Download Submit