Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

e232399ba4...69.exe

windows7-x64

7

e232399ba4...69.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 17:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e232399ba45ac62a06158ea55e764769.exe

  • Size

    1.2MB

  • MD5

    e232399ba45ac62a06158ea55e764769

  • SHA1

    953aea3af528492fa0464ee6a198a969fe2ef9a7

  • SHA256

    c25d53b46bb85b9b81f140617cad54bba438e64072f5653bc85b62083306a7b1

  • SHA512

    36c80858c0ac66d09bf2428eba92d17cc862cfe81a90465931711333981f3333425d2767350c246fddf4cb9f7eb65cc7c7b5952951094b697ad8210beda9eed1

  • SSDEEP

    24576:IoqJ4jpebQRLI/bwKlVYswxTI95QnyOujfJzTKUckm8O3bb:IoqJ4jpsQkwKlFwxU95QnyOujrcGW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 1 IoCs
    installer
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e232399ba45ac62a06158ea55e764769.exe
    "C:\Users\Admin\AppData\Local\Temp\e232399ba45ac62a06158ea55e764769.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:812
    • C:\Windows\temp\install_msgskinner.exe
      "C:\Windows\temp\install_msgskinner.exe" "/LICFILE=C:\Windows\temp\license.dat" "/MC=C:\Windows\system32\caqoecbpec.exe" "/MCPARAMS=INSTALL:5029564|77|VGOOGB3955921*0.0.47337.1*15|6"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsyA018.tmp\ioSpecial.ini
    Filesize

    700B

    MD5

    c76cf064b6d2e418c2a95ed2fa5ac2d1

    SHA1

    84309d3ed4b64424999e7bc36fddeea9e6779c0a

    SHA256

    9720a9254882508ab9cccb066cf358a5fd6ce94e04caf31a3928b05ce553f52c

    SHA512

    582d117c0a4968d78006b482118df6b4d74647c8ca3045c9771750454a9c28cd9565dc9b5a865ade8c095d4971fa46bcbe37b3e11a02f7d7a22296c1da024014

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsyA018.tmp\ioSpecial.ini
    Filesize

    713B

    MD5

    d70587bae08352aa5d3e3bd7b9d3ef32

    SHA1

    6b994ad152e8def7ff4798804796c849ade9c30f

    SHA256

    2ade56efdd035345f6f11971d676da2c708f4b6c3fd5619001ca5cea033f7a72

    SHA512

    fe042b55560cbe37cea0b3d2050929630da04d8eca0fbb6ad9fc5fea5e888e525d1f984319ce5273b522ec3bea5bc68db178a304d4e1e281a7c91f1acee6b639

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsyA018.tmp\ioSpecial.ini
    Filesize

    739B

    MD5

    017551658d953cdceb9cd86f08be9a4e

    SHA1

    e1ab3709f4781b490ac40d565860283ab0622d90

    SHA256

    293210b32ff39f7cd418bb3622f3bb642ec50adcad36718254466d4a0616ed42

    SHA512

    cd6ec7ea664e68f57da455c24cfccf938c7232872837b08b4e16da8dd4931f49e1725319827e6bb055ee34c1bcf37ddb4c86850e05006bb9b1639dcb309dd84e

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyA018.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    d61d6c709e7947296603059f8bedeba9

    SHA1

    bdcfc90c358c82be43ef85727a7bdfebbd6d1b69

    SHA256

    65012a46603b7e13807938e2a61f3c2a60cced3fb3187dfab3e391705e2c3f63

    SHA512

    ed5a6efd1dd5e2119a9c523b9f9154e13552b3538bf72f4b8b02d6a9c808c3ae2ba7613d9e2b3395237461703f2da0a1482a52727ffcf6fc967552390dab0f2b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyA018.tmp\LangDLL.dll
    Filesize

    5KB

    MD5

    8be27f3bdec2b49d0a6a674716622304

    SHA1

    70d17db576ed484a4c0195571118d307fd4dc1b9

    SHA256

    4fe0a8391574867d8bdc6fb33555d90e02796563f02d1e6536acc3294a85bd47

    SHA512

    add9f37dd0d7a27f19d172c82599a79d049385c12cdfb78745ce2b0685ecea8f85c718bd62ecd671bbed949529429500853534b63226809e707ad3745a8fc801

    Download Submit

  • \Windows\Temp\install_msgskinner.exe
    Filesize

    922KB

    MD5

    f1da621246700a7c6e305cd0729402ae

    SHA1

    e355def95bb8d886ceaaa97098608fcf0cb554f9

    SHA256

    f032c0b30f554b65ad2aaa21cdd92e1e44a3948e58d81fe7226d997ca348fbb5

    SHA512

    723ea53e78b8bcb1f44aaef10455a75fd275062c56d6cf667b56e876fd1de5af7fda866e71535d3b7e513a117a9aaa683e19d7b5f7e052bd6a8688a22cdc5a72

    Download Submit

  • memory/812-0-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/812-1-0x0000000000020000-0x0000000000022000-memory.dmp

    Filesize

    8KB

    Download

  • memory/812-2-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/812-4-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/812-5-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/812-14-0x0000000000400000-0x000000000041F000-memory.dmp

    Filesize

    124KB

    Download