Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Setup.exe

windows7-x64

7

Setup.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/05/2024, 17:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    1.7MB

  • MD5

    5b19b030cedda741350c22d0c240042c

  • SHA1

    a781ba87e607518dcc4bba93fe0eadfaf161dba2

  • SHA256

    a9dd76ce0eab73fbca951c5875e7f782278c541c8170ee9145884259acd8136e

  • SHA512

    35778f23ec813138af3c21b44471daf61ae63ee1c7bff12e4ac84d82a4cf5e2668924097f42295f767f931c1fb86018bf94e84be4916e849ead450b5bf39544f

  • SSDEEP

    49152:RRN24wEZ7m/ecAAE8j2tyuHr3RMMYK22v/6A5y:3dm/ecVi9r3RI35

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4552
    • C:\Users\Admin\AppData\Local\Temp\is-6LK1B.tmp\Setup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-6LK1B.tmp\Setup.tmp" /SL5="$401C8,1126838,281600,C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-6LK1B.tmp\Setup.tmp
    Filesize

    1.7MB

    MD5

    9580bce296b052debe1fb1c6de0f0b4e

    SHA1

    5be0b5d1d65633738c9706c9d44fecf93b9d3ffb

    SHA256

    303b7847ec665c74c502c722e9d940424abf8d4cb4b3293cbf89093d1bdba6f7

    SHA512

    55f1dcdc0f3af3f0db90e60b78ce9dd3b4279b3a22933b3d5d7ede9841b001acc410ac784c69d1591860c905aed9263b81213afbfee7a8ea1b54a13a00573f16

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-PJ6RN.tmp\ISDone.dll
    Filesize

    452KB

    MD5

    4feafa8b5e8cdb349125c8af0ac43974

    SHA1

    7f17e5e1b088fc73690888b215962fbcd395c9bd

    SHA256

    bb8a0245dcc5c10a1c7181bad509b65959855009a8105863ef14f2bb5b38ac71

    SHA512

    d63984ee385b4f1eba8e590d6de4f082fb0121689295ec6e496539209459152465f6db09e6d8f92eec996a89fc40432077cbfa807beb2de7f375154fef6554bc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-PJ6RN.tmp\_isetup\_iscrypt.dll
    Filesize

    2KB

    MD5

    a69559718ab506675e907fe49deb71e9

    SHA1

    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

    SHA256

    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

    SHA512

    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

    Download Submit

  • memory/4552-0-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/4552-2-0x0000000000401000-0x0000000000417000-memory.dmp

    Filesize

    88KB

    Download

  • memory/4552-23-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

    Download

  • memory/4884-7-0x0000000000400000-0x00000000005BE000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4884-20-0x00000000034E0000-0x0000000003557000-memory.dmp

    Filesize

    476KB

    Download

  • memory/4884-25-0x00000000034E0000-0x0000000003557000-memory.dmp

    Filesize

    476KB

    Download

  • memory/4884-24-0x0000000000400000-0x00000000005BE000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/4884-31-0x00000000034E0000-0x0000000003557000-memory.dmp

    Filesize

    476KB

    Download