Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

b439a7fae3...95.exe

windows7-x64

7

b439a7fae3...95.exe

windows10-2004-x64

7

$PLUGINSDI...lp.dll

windows7-x64

1

$PLUGINSDI...lp.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 08:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b439a7fae389b2b9c21d337cdc959695.exe

  • Size

    1.8MB

  • MD5

    b439a7fae389b2b9c21d337cdc959695

  • SHA1

    fee78c5118e037ba798977bf45ebd5a3738a14fc

  • SHA256

    14be8aeb2cd8c6b348670231e705ba1041fd1daf9f3b164fa42104e8006db3b0

  • SHA512

    76090b98d053d6d72966442b20f56e581e52f6a5f53d751fcf099e54e13c020f3e4a145586333d034a3ce08864690f371b0d9469e78b0ff683efa02b33ca6fc8

  • SSDEEP

    12288:qqv9/2PZUwVIGGEb0lYYn0X+RUTvEXedh5ptb/ZFvk7app/fpvplppppvp5:qqvd2BSYYn0lTMXedh5ptzZ+7

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b439a7fae389b2b9c21d337cdc959695.exe
    "C:\Users\Admin\AppData\Local\Temp\b439a7fae389b2b9c21d337cdc959695.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:3204
    • C:\Windows\SysWOW64\RunDll32.exe
      RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nsw64D5.tmp\OCSetupHlp.dll",_OCPID1049OpenCandy2@16 3204,536979F4BDCA42A9850FA3F787E5BE47,5A959DAD402F4180BDC5BFE6BFCFBCBB,55E729034D9F436DBBB3DFEE012365FF
      2⤵
      • Loads dropped DLL
      PID:1416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsw64D5.tmp\OCSetupHlp.dll
    Filesize

    819KB

    MD5

    ed7a7d6a10b133accac5e64050328d64

    SHA1

    c91ca85c665f1b151b6436e1c0d5b99ed6570cbe

    SHA256

    9ecdc3ffea8b139ed411993735d4b3ff050c2949f91c817a74c2d553b0015a6d

    SHA512

    be0711ec6f09f4768e4510ecb61d16d8d756326d0deb231b5cdaa6396dc198f8980ac8b0b9f91a13321dbc8143c346268fffd8efd69a5e4161bc78bd6235df46

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsw64D5.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • memory/1416-23-0x0000000002320000-0x0000000002321000-memory.dmp

    Filesize

    4KB

    Download