Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

A.exe

windows7-x64

7

A.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

Anycast.exe

windows7-x64

3

Anycast.exe

windows10-2004-x64

3

Packet.dll

windows7-x64

1

Packet.dll

windows10-2004-x64

1

anycast-service.exe

windows7-x64

1

anycast-service.exe

windows10-2004-x64

1

wintun.dll

windows7-x64

1

wintun.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/03/2024, 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    A.exe

  • Size

    10.7MB

  • MD5

    25d325afb078b572b0fbca2b84aa264c

  • SHA1

    6ef782acf674f3e66b5973e143c2fdda7e076914

  • SHA256

    a3c3f7a0014e41ff435db5b87ec92e60ada72a94fc401cb1ef3cf6daf71630e1

  • SHA512

    f4ff58f70a06c425ad832aa19b3dd51b2b4fc534dba8d2cd68a49d5c22e3ce366f5d8b33cd687c7e5a64fb3ab02e60330d66a0c3bfab09750b2afaa508705b68

  • SSDEEP

    196608:CvyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:CKhL3HyGGlj+E3I6Ev0Pex

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\A.exe
    "C:\Users\Admin\AppData\Local\Temp\A.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst4D18.tmp\ioSpecial.ini
    Filesize

    1KB

    MD5

    056bcafb89e85d252d2bbf47b1249c51

    SHA1

    36cacbdda703d981abd18acdb5d8bc2214670abe

    SHA256

    720d3733c96fe94ac5aa94dccef75a5bce68929f598e91ad3036ece5b16194f4

    SHA512

    310332d9bcd8969a25318e2833034c7b3355bd9c28b5750afb5fb0c83337b9e9debdc5cf060f07a828fa30da5bb672e051590e916ca4ceb1c978496120367e25

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst4D18.tmp\InstallOptions.dll
    Filesize

    15KB

    MD5

    0a9fb96a7579b685ec36b17fc354e6a3

    SHA1

    355754104dd47d5fcf8918dee0dc2e2ee53390a6

    SHA256

    b34fb342f21d690aac024b6f48a597e78d15791ef480ac55159cd585d0f64af7

    SHA512

    67870206fa7f1e7df45c8c1bc2f51fb430f0a048a2bdb55a4a41525388ca3b50203784537f139169705a03db4bb13b591162a79a5d2df81a4d11fd849615c86b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst4D18.tmp\InstallOptions.dll
    Filesize

    7KB

    MD5

    1aac37a36fbf4892a5c81bd641efdb66

    SHA1

    3149805379c20d0ee9af57a13f8553de2c66891b

    SHA256

    172fb64d2ec78d2c7fbdbc2e09492b8aa416e2bf187397c6ce0c6dee806248b7

    SHA512

    8f0309c1ff8c85b77fb1e88c17293b421d15b7928c52d9f495f34208bf0226362efe04f4294bc2517134a0545818a9f747232d82374a51035b20385596089179

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst4D18.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    98ff85b635d9114a9f6a0cd7b9b649d0

    SHA1

    7a51b13aa86a445a2161fa1a567cdaecaa5c97c4

    SHA256

    933f93a30ce44df96cbc4ac0b56a8b02ee01da27e4ea665d1d846357a8fca8de

    SHA512

    562342532c437236d56054278d27195e5f8c7e59911fc006964149fc0420b1f9963d72a71ebf1cd3dfee42d991a4049a382f7e669863504c16f0fe7097a07a0a

    Download Submit