Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/03/2024, 17:37

General

  • Target

    $PLUGINSDIR/inst.exe

  • Size

    143KB

  • MD5

    0f9c02df96da8a059c83ddfcfc0f8c6a

  • SHA1

    2a3fa9056603c843a4c086136557c4ad9cd190c3

  • SHA256

    56099fbbb997f4fdee7bcb8fabe62f3d49273028bcee7f12018e6c18b54af455

  • SHA512

    1481ca881e19074da73a46009d35d12e4221ec6f8c9aefe007a0a9d12d52eef4db6c5a38dfda18922d0fffd519c15032997df1df7c79f93361650f91476bbe7b

  • SSDEEP

    3072:BbJHKnXqlLo7N2nGN9acIqxvtbAeJr6eJ0Ig:B+Xyop9ap2F8e8A0D

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies system certificate store 2 TTPs 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inst.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\inst.exe"
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Modifies system certificate store
    PID:2928

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2928-0-0x00007FF8C1EC0000-0x00007FF8C2861000-memory.dmp

    Filesize

    9.6MB

  • memory/2928-1-0x00000000014F0000-0x0000000001500000-memory.dmp

    Filesize

    64KB

  • memory/2928-16-0x000000001C330000-0x000000001C350000-memory.dmp

    Filesize

    128KB

  • memory/2928-20-0x00007FF8C1EC0000-0x00007FF8C2861000-memory.dmp

    Filesize

    9.6MB