Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

45183ce88f...18.exe

windows7-x64

8

45183ce88f...18.exe

windows10-2004-x64

8

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

CacheWecha...er.dll

windows7-x64

8

CacheWecha...er.dll

windows10-2004-x64

8

CacheWecha...ce.exe

windows7-x64

8

CacheWecha...ce.exe

windows10-2004-x64

8

CacheWecha...up.exe

windows7-x64

1

CacheWecha...up.exe

windows10-2004-x64

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/SetupHelper.dll

  • Size

    1.4MB

  • MD5

    e4df5c7f58d5e0ccbbe7a6e74fc449ad

  • SHA1

    d0c92b3b78cd5fa61ce51b770565aeb488610c43

  • SHA256

    af55cbbbd681182226c5e854470a05ea8ec6242a30d28c61ce9c20b968088db8

  • SHA512

    5f7456f107df50809bd504e46cd4f5cc43764e683fb14dbcd03c1e6ab5ea5868c0279ed52c8aa5c1795e7928335b9ac07c31c228333dcd44dbb408f04ce2619d

  • SSDEEP

    12288:9GoXS24JiBgSwIiO/qxP4gjICgR5IF5aDTD3rGIBhwjX5xkOC8hPePDeUGFwyhSu:9LCAliO1gqQNgPCUQSUTYoXJ6AT

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SetupHelper.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\SetupHelper.dll,#1
      2⤵
        PID:2960

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads