Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

bb6d817b65...b5.exe

windows7-x64

7

bb6d817b65...b5.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...te.dll

windows7-x64

3

$PLUGINSDI...te.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2024, 13:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb6d817b65c8c3cf4bef0b9599fa06b5.exe

  • Size

    191KB

  • MD5

    bb6d817b65c8c3cf4bef0b9599fa06b5

  • SHA1

    8877e7a71797e1b4d0aac5a76bcb862bcda5b8a3

  • SHA256

    c22eabda16738769e7cc2d015b7e78f22a98117769a81b08f7ebefbdd3877dc2

  • SHA512

    e2fc45044573ca60ad3380182f6606445f76aaedefcb1735198345c3bb07803542571f36763841aba6f12a44d81d025fca8ff991d98ce65e6adb4b808f0f8ae0

  • SSDEEP

    3072:1j3DlADd0kJs+2RsDtJZgqbUT0sNzQa1GHsFpQ59miZTuP0HHKQV6Iymy6xGrVDy:1N7VatJZgJT0sNjbFpQ59m62aKgLylrQ

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 1 IoCs
    installer
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb6d817b65c8c3cf4bef0b9599fa06b5.exe
    "C:\Users\Admin\AppData\Local\Temp\bb6d817b65c8c3cf4bef0b9599fa06b5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nso8E7B.tmp\AllRemover.dll
    Filesize

    52KB

    MD5

    c4c0c23f01fc5e2b407e2463e8f5080c

    SHA1

    7a55985593a6398d1a66883ae5f5929d4d9aee52

    SHA256

    ff0f59a359c306b0cb0a8ed935e2e1208d3532607c32ab849cccb7a15f09dd3d

    SHA512

    013232e5b14fae8aa83f1e2541370003911f8c827df8a4e419b0ba1f2c090033c97b2fb589e9e27935a45cda0ccf1a8f1076c3342e940b754845a2cec2a421de

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso8E7B.tmp\KillProcDLL.dll
    Filesize

    32KB

    MD5

    83142eac84475f4ca889c73f10d9c179

    SHA1

    dbe43c0de8ef881466bd74861b2e5b17598b5ce8

    SHA256

    ae2f1658656e554f37e6eac896475a3862841a18ffc6fad2754e2d3525770729

    SHA512

    1c66eab21f0c9e0b99ecc3844516a6978f52e0c7f489405a427532ecbe78947c37dac5b4c8b722cc8bc1edfb74ba4824519d56099e587e754e5c668701e83bd1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso8E7B.tmp\Math.dll
    Filesize

    14KB

    MD5

    bc8b9990819748dd57ccf28b73df57fd

    SHA1

    3e4f4bef94dec5745e49bdedd9c8ee85621d507c

    SHA256

    f7c310298a938c77b52094280b56da106d00a63705e2cc4b3eb2a730be01ade4

    SHA512

    fbeed46e079ae36ae26b655b3bae0cecd89181c8919b4a3aa03d4b32e3a8e365be0ab8df7ffa6e08576e4b8d797edc88a619e21af1d0d7df822250e2ffd3e57b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso8E7B.tmp\System.dll
    Filesize

    10KB

    MD5

    0c8ea8e6637bbf8408104e672d78ba45

    SHA1

    c231c7acaf9abb7da93f28e1b71bed164d57103e

    SHA256

    509a93177a7ae130bc3b6b5ec3236c7aa0811b8b86f8ab3442c65fdf8ff85b1f

    SHA512

    ee763a3cdbbba3b28e6a903ac942c7228bd8e54b19de21d6187e481f2916d833d9b9800e5ac2998f4aa26274cdfb20a8bfdd10f00f2a15d37bcc529b617e1f28

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso8E7B.tmp\WebBrowserNavigate.dll
    Filesize

    180KB

    MD5

    2e50f8f24ebbf06cfe2a48a997dfeb05

    SHA1

    e019b61713e874f96fd608d47e57d3663f688c5a

    SHA256

    4d51779da2b3ecd55a8af6b8178ca429bf95b41ca17ce50bb02b681f9ea6d51a

    SHA512

    73b26668a8f1a2e81915748ceed195a5ded9839578f5c114bdbd216692f646a21344230ab694eb26bd644e1d9a780c71db5d2bba8f92d33389873a5ed87c9420

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    191KB

    MD5

    bb6d817b65c8c3cf4bef0b9599fa06b5

    SHA1

    8877e7a71797e1b4d0aac5a76bcb862bcda5b8a3

    SHA256

    c22eabda16738769e7cc2d015b7e78f22a98117769a81b08f7ebefbdd3877dc2

    SHA512

    e2fc45044573ca60ad3380182f6606445f76aaedefcb1735198345c3bb07803542571f36763841aba6f12a44d81d025fca8ff991d98ce65e6adb4b808f0f8ae0

    Download Submit