Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

9f9c80e423...18.exe

windows7-x64

7

9f9c80e423...18.exe

windows10-2004-x64

7

$PLUGINSDI...rt.dll

windows7-x64

3

$PLUGINSDI...rt.dll

windows10-2004-x64

3

$PLUGINSDI...nt.dll

windows7-x64

3

$PLUGINSDI...nt.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...er.exe

windows7-x64

3

$PLUGINSDI...er.exe

windows10-2004-x64

3

$_2_/Uninstall.exe

windows7-x64

7

$_2_/Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ut.dll

windows7-x64

3

$PLUGINSDI...ut.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDIR/ef.exe

windows7-x64

3

$PLUGINSDIR/ef.exe

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

1

$PLUGINSDIR/inetc.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 21:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_2_/Uninstall.exe

  • Size

    42KB

  • MD5

    9787542432e07524484183fd2fa1a080

  • SHA1

    77daa1bf84000621fd3929eb44b1069794c53b3b

  • SHA256

    e82cd4233a273f9eab2e89302023f690c0b0b1cb7d11861c5dd98547b01b53f9

  • SHA512

    66f04867a0d6c7c88f21c0a400673a3e1b6a08fcab3036bc937b322b81d519e4e555cc628b6be5d2cbc76d8c97b4c95157bfb6c37163a540b2b474d1c003276e

  • SSDEEP

    768:/4wO7XBz+5Qm3W0tYdrQZHV4EWuWEUOg4jjfS3XJDJRnhzwr:gLXB65939tY6HBg4sXJk

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_2_\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\$_2_\Uninstall.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$_2_\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2220

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    42KB

    MD5

    9787542432e07524484183fd2fa1a080

    SHA1

    77daa1bf84000621fd3929eb44b1069794c53b3b

    SHA256

    e82cd4233a273f9eab2e89302023f690c0b0b1cb7d11861c5dd98547b01b53f9

    SHA512

    66f04867a0d6c7c88f21c0a400673a3e1b6a08fcab3036bc937b322b81d519e4e555cc628b6be5d2cbc76d8c97b4c95157bfb6c37163a540b2b474d1c003276e

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.