Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

QtCore4.dll

windows7-x64

3

QtCore4.dll

windows10-2004-x64

3

QtGui4.dll

windows7-x64

3

QtGui4.dll

windows10-2004-x64

3

QtNetwork4.dll

windows7-x64

3

QtNetwork4.dll

windows10-2004-x64

3

libeay32.dll

windows7-x64

1

libeay32.dll

windows10-2004-x64

1

nksl3_logger.exe

windows7-x64

9

nksl3_logger.exe

windows10-2004-x64

9

runtime/No..._0.msi

windows7-x64

6

runtime/No..._0.msi

windows10-2004-x64

6

runtime/handle.exe

windows7-x64

7

runtime/handle.exe

windows10-2004-x64

7

runtime/vc...08.exe

windows7-x64

7

runtime/vc...08.exe

windows10-2004-x64

7

ssleay32.dll

windows7-x64

1

ssleay32.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06/03/2024, 12:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    runtime/Nokia_Connectivity_Cable_Driver_Version 7_1_69_0.msi

  • Size

    7.7MB

  • MD5

    80bb7bb30e33ac2b7bea51e6681b56bc

  • SHA1

    9def00a0f350f845e27c421dbac170ca29e5f5ce

  • SHA256

    876a015fc3380cab42b31e09a193990d93f2441b7066aec7b99b8b88b8d9e2c7

  • SHA512

    b52346fb3e2516643e412275406cda7a19e8a2be31e15c486c94743e6b3b5e58591158468450f09845ba3770819186cb3645e7f19f5a78210c1320d3d0382e8a

  • SSDEEP

    98304:VAXDF1NUnLjzytCVZWqiIaniHQnN0fuZb9VBeCs4:WXNUnLjGyZBiIaniwWGGCp

Score
6/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\msiexec.exe
    msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\runtime\Nokia_Connectivity_Cable_Driver_Version 7_1_69_0.msi"
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:1220
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding 1CA0516E85D091A7514EAA38DFADBAA4 C
      2⤵
      • Loads dropped DLL
      PID:2536

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\MSI34D8.tmp
    Filesize

    20KB

    MD5

    f4198aee41463e310904dd04482cf602

    SHA1

    b1678e2201ce9c807aa5b3530de9ca20031f4abd

    SHA256

    bcd450a344a65872c9e28e7d9222d26b4e5e28c668a7c6ee98f358c3e39bda24

    SHA512

    0fcf06f6d64828e86bc11c34e9bb80b22a269e26f2f079bf297d8240bf539062a045fe7c17b981e0828e8b14706cf8a76adc275cf364b2e5aa52339b3453cfad

    Download Submit