Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

a31156b8d8...eb.exe

windows7-x64

7

a31156b8d8...eb.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

LinkCreator.exe

windows7-x64

1

LinkCreator.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

eMule Light.js

windows7-x64

1

eMule Light.js

windows10-2004-x64

1

eMule.js

windows7-x64

1

eMule.js

windows10-2004-x64

1

emule.exe

windows7-x64

1

emule.exe

windows10-2004-x64

1

lang/ar_AE.dll

windows7-x64

1

lang/ar_AE.dll

windows10-2004-x64

1

lang/ba_BA.dll

windows7-x64

1

lang/ba_BA.dll

windows10-2004-x64

1

lang/bg_BG.dll

windows7-x64

1

lang/bg_BG.dll

windows10-2004-x64

1

lang/ca_ES.dll

windows7-x64

1

lang/ca_ES.dll

windows10-2004-x64

1

lang/cz_CZ.dll

windows7-x64

1

lang/cz_CZ.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/02/2024, 06:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a31156b8d80a68e8f4354c63e0747beb.exe

  • Size

    3.2MB

  • MD5

    a31156b8d80a68e8f4354c63e0747beb

  • SHA1

    185705e7d217132a104dc3f4ee12a72c7e8749ce

  • SHA256

    28411261cb3f27081f910190d1c7742fb805185430af10131d5b39fd2e39c832

  • SHA512

    33db65bf69a721be613316b729c06137ae4f323314b707f591b09f06f10dab2643f36742a457d04b5816e6e2aa795d78f01987ca173bd4ed0f0845279d2c96eb

  • SSDEEP

    49152:a9r/Wx+GhZdsM+1GfhXM5uOMkbKH+1Ma6h2ZoHrkQb7MOBIfn2vrPLuG:ASgsdiM26+1MaO2iRTIv2vrjp

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\a31156b8d80a68e8f4354c63e0747beb.exe
    "C:\Users\Admin\AppData\Local\Temp\a31156b8d80a68e8f4354c63e0747beb.exe"
    1⤵
    • Loads dropped DLL
    PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsu38A5.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    14c212bb2fa90fe52a6424b955c86ad6

    SHA1

    9e94f8ad17ff9b6b31e5f029ee5f726e307ac8ee

    SHA256

    1854afccace3053dca2707b10609ea78a30f0ee853bdb9f251c076317ee53120

    SHA512

    d42fa579f93b98d1446daf3d0734c19838fa310ef27cd05344e25d9f86ba37a5fa1752236e5de4df7c9f414236538bd7431bffda126fb9c74fd112539de0e713

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu38A5.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    7e856702410e5598296a9c056c273db2

    SHA1

    1711125771f4e364717079aae5e4419ac3d69a5d

    SHA256

    394d7d46b5e1ea621cfcc4f0bc8609d5ad8d42074186cddb737f3abe10874403

    SHA512

    34ae337e44a5ce9dd17e4c726977f895b90614e02df09d9db46d7e6905850b05b44a4951508c07272acc2683454c1bc949ee1f83e14592e7400bdeae2033c886

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsu38A5.tmp\ioSpecial.ini
    Filesize

    692B

    MD5

    3926387464904d9dd0e0e284e0c337ef

    SHA1

    008d283fb0f1d5e8f5d9014784710a5f22413f8a

    SHA256

    0a5ece83dabd24b62d7e2fc2685c8ffbfccc47408bedd17523e958bef79ab741

    SHA512

    e4ec7e38e736b9b0239903c9bdcdc1008b4c353df5e61e5fc5dc999f99aa3be36aebff37521a1a483b06eb64d90c24191cc89c863289bce8b15114508520d291

    Download Submit