Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

WeChatSetup.exe

windows7-x64

4

WeChatSetup.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

4

Uninstall.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

WeChat.exe

windows7-x64

10

WeChat.exe

windows10-2004-x64

10

WechatAppLauncher.exe

windows7-x64

1

WechatAppLauncher.exe

windows10-2004-x64

1

[3.9.9.43]...dk.dll

windows7-x64

1

[3.9.9.43]...dk.dll

windows10-2004-x64

1

host/wmpf_...rt.dll

windows7-x64

1

host/wmpf_...rt.dll

windows10-2004-x64

1

host/wmpf_...64.dll

windows7-x64

1

host/wmpf_...64.dll

windows10-2004-x64

1

runtime/Co...on.dll

windows7-x64

1

runtime/Co...on.dll

windows10-2004-x64

1

runtime/ConfSdk.dll

windows7-x64

1

runtime/ConfSdk.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    132s
  • max time network
    218s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 10:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    1.7MB

  • MD5

    65a8d4d556099f4a62b3ab141034f38e

  • SHA1

    38d2ee2b7a2c363cd99ab46d03fab2b87ff00d9e

  • SHA256

    caff82547f14b0afff408cd83625321ad00c5145d9086e7f5c74c6ca10899f54

  • SHA512

    f3ad2c0fb2d78551f6a65cbd4aae6a3ea5f3653e4456ec9fb4aa36ab299fffe9712acb3da91b272f9cef7f2d7216e38a9685d9179bf72f6f9cae6cebc5d8f8f5

  • SSDEEP

    24576:0GTJPUbMP326XBoBBYHsIfDczcu5IOQ6LbitlK3cBD5Mm1cBJkkMG5pOVUWjPSdD:FI2G0oWMIoVljGG3aqmQkk9OOpt

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 16 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 30 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsg84D8.tmp\FindProcDLL.dll
    Filesize

    492KB

    MD5

    633625aa3be670a515fa87ff3a566d90

    SHA1

    de035c083125aef5df0a55c153ef6cc4dd4c15b4

    SHA256

    bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

    SHA512

    3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsg84D8.tmp\System.dll
    Filesize

    11KB

    MD5

    ca332bb753b0775d5e806e236ddcec55

    SHA1

    f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    SHA256

    df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    SHA512

    2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsg84D8.tmp\WeChatInstallDll.dll
    Filesize

    3.3MB

    MD5

    bd9e977801a57ba49a3b9320ca265256

    SHA1

    5d83144b39195f0269167d76d68e7807ffd7a480

    SHA256

    abacdb7732c14ad8d98419f89e2ab6dd9716167bab5d92db048a55b4a266d4ed

    SHA512

    6969f937becb9f0b1fa76e20913c11d0a459c5853d4cf72c93dc8cbd885c94ff8ab35f3a44ca36c71a06d31e8702aa1b8b01a25d051101a23dfd10477458d8c5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    1.7MB

    MD5

    65a8d4d556099f4a62b3ab141034f38e

    SHA1

    38d2ee2b7a2c363cd99ab46d03fab2b87ff00d9e

    SHA256

    caff82547f14b0afff408cd83625321ad00c5145d9086e7f5c74c6ca10899f54

    SHA512

    f3ad2c0fb2d78551f6a65cbd4aae6a3ea5f3653e4456ec9fb4aa36ab299fffe9712acb3da91b272f9cef7f2d7216e38a9685d9179bf72f6f9cae6cebc5d8f8f5

    Download Submit

  • memory/2408-21-0x0000000008FB0000-0x000000000905B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2408-31-0x0000000008FB0000-0x000000000905B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2408-39-0x0000000008FB0000-0x000000000905B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2408-40-0x0000000008FB0000-0x000000000905B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2408-55-0x0000000008FB0000-0x000000000905B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2408-63-0x0000000008FB0000-0x000000000905B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2408-71-0x0000000008FB0000-0x000000000905B000-memory.dmp

    Filesize

    684KB

    Download