Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

WeChatSetup.exe

windows7-x64

4

WeChatSetup.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

4

Uninstall.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

WeChat.exe

windows7-x64

10

WeChat.exe

windows10-2004-x64

10

WechatAppLauncher.exe

windows7-x64

1

WechatAppLauncher.exe

windows10-2004-x64

1

[3.9.9.43]...dk.dll

windows7-x64

1

[3.9.9.43]...dk.dll

windows10-2004-x64

1

host/wmpf_...rt.dll

windows7-x64

1

host/wmpf_...rt.dll

windows10-2004-x64

1

host/wmpf_...64.dll

windows7-x64

1

host/wmpf_...64.dll

windows10-2004-x64

1

runtime/Co...on.dll

windows7-x64

1

runtime/Co...on.dll

windows10-2004-x64

1

runtime/ConfSdk.dll

windows7-x64

1

runtime/ConfSdk.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    123s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2024, 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WeChatSetup.exe

  • Size

    213.9MB

  • MD5

    f532bf00404c7e1c85cf0beea77a8087

  • SHA1

    2e4b7a89c9dd6c94b0e2d1c4590647dac1db6e01

  • SHA256

    f6de40a0e0c5b51daa70456189d10f7fc1e7dcd36168cf8afcb17035efda6686

  • SHA512

    660a0f9e3d67cda569b1f23bf58704f88fa3954051ea54bcd45809572da131421cb54a799b2a09f8904b079aa62a2116525d07514780bdde50c5772dcd0cecab

  • SSDEEP

    6291456:WGQuGyvvAlDNxMPt28nxoW94yGGGQnJGSEDeS:WSGyv4lDXORLnJ9LS

Score
4/10

Malware Config

Signatures

  • Loads dropped DLL 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WeChatSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\WeChatSetup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:1896

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsy3FD0.tmp\WeChatInstallDll.dll
    Filesize

    2.0MB

    MD5

    b3c3b61337957c967ebb55d2e6961c22

    SHA1

    2dbf69369309cc5694dea490f13be41ac797fbb3

    SHA256

    91414022de0110195f3c4fb4a14e6b10bbd8d36b5d25e65031f812f6804a35aa

    SHA512

    f7611e5166a039ffc489e405de789ebdf031eb4de5af459be1707f982bb6a9d42640fcd72e639908938c6daff170a0f7f8693aee1d523e6db9e081e7c3671f05

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy3FD0.tmp\FindProcDLL.dll
    Filesize

    492KB

    MD5

    633625aa3be670a515fa87ff3a566d90

    SHA1

    de035c083125aef5df0a55c153ef6cc4dd4c15b4

    SHA256

    bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

    SHA512

    3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy3FD0.tmp\System.dll
    Filesize

    11KB

    MD5

    ca332bb753b0775d5e806e236ddcec55

    SHA1

    f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    SHA256

    df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    SHA512

    2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy3FD0.tmp\WeChatInstallDll.dll
    Filesize

    1.9MB

    MD5

    18c038baf31e8b28241db80cac9baed5

    SHA1

    9dcd9eb4863197eebd99fba38bcda8bd4e118cb6

    SHA256

    3c1212ff9565370893850087d0b0475acbe5ef37213f44a108f63b1d32e39312

    SHA512

    9e7abed644d3e8069e65b58c51481056dc45d6e5a6df138123658f5cdae8aeac4efb694085413a00ee071baa4082018f94ea59246b898031daf7e84b047aa7bb

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsy3FD0.tmp\nsInstallAssist.dll
    Filesize

    192KB

    MD5

    28b411f3793dbcb81d6f3d3b0527cdba

    SHA1

    7614310be1231850e811a818f58ee8b54ae9ceaf

    SHA256

    0281e384c94cad29fd8279c1855f671c2dd1f7772cf5645f573dd1df2b3bd127

    SHA512

    e5c9f21e9838eca54a8ededb1bf279453e116b6cde629a75ad057b6438deec6bcacf6e27a81c8aa0fc732f26dc28cee7a006ba6d68c08846b92937e388349d78

    Download Submit

  • memory/1896-16-0x0000000007AE0000-0x0000000007B8B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/1896-25-0x0000000007AE0000-0x0000000007B8B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/1896-56-0x0000000007AE0000-0x0000000007B8B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/1896-61-0x0000000007AE0000-0x0000000007B12000-memory.dmp

    Filesize

    200KB

    Download