Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

4

Amcrest Su...24.exe

windows7-x64

7

Amcrest Su...24.exe

windows10-2004-x64

7

Amcrest Su...80.dll

windows7-x64

1

Amcrest Su...80.dll

windows10-2004-x64

1

Amcrest Su...00.dll

windows7-x64

1

Amcrest Su...00.dll

windows10-2004-x64

1

Amcrest Su...40.dll

windows7-x64

1

Amcrest Su...40.dll

windows10-2004-x64

1

Amcrest Su...80.dll

windows7-x64

1

Amcrest Su...80.dll

windows10-2004-x64

1

Amcrest Su...00.dll

windows7-x64

1

Amcrest Su...00.dll

windows10-2004-x64

1

Amcrest Su...10.dll

windows7-x64

1

Amcrest Su...10.dll

windows10-2004-x64

1

Amcrest Su...80.dll

windows7-x64

1

Amcrest Su...80.dll

windows10-2004-x64

1

Amcrest Su...er.dll

windows7-x64

1

Amcrest Su...er.dll

windows10-2004-x64

1

Amcrest Su...11.dll

windows7-x64

3

Amcrest Su...11.dll

windows10-2004-x64

3

Amcrest Su...11.dll

windows7-x64

3

Amcrest Su...11.dll

windows10-2004-x64

3

Amcrest Su...11.dll

windows7-x64

3

Amcrest Su...11.dll

windows10-2004-x64

3

Amcrest Su...2d.dll

windows7-x64

1

Amcrest Su...2d.dll

windows10-2004-x64

1

Amcrest Su...al.dll

windows7-x64

1

Amcrest Su...al.dll

windows10-2004-x64

1

Amcrest Su...en.dll

windows7-x64

1

Amcrest Su...en.dll

windows10-2004-x64

1

Amcrest Su...ws.dll

windows7-x64

1

Amcrest Su...ws.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    137s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/06/2024, 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Amcrest SurveillancePro-Win64_International_IS_V2.003.00AC001.0.R.230524.exe

  • Size

    184.6MB

  • MD5

    f9d73e205be364a15c44e79d244c4ab7

  • SHA1

    f4efdcfb2b249fe60bf7ed5cd48a8d171787a6e7

  • SHA256

    5ae41d15101ad481c2122d277eb991e9db02e9d360da737d6d3ebc9a2182d00a

  • SHA512

    a565fd8709aee6699d5d3015290b40784bdb7f22e82b9eaed7a0cd5fbe28bbb7c4895ca1f4a3bf7a34f50741e45023607c275e0f865eff4e98a5eb744f704a87

  • SSDEEP

    3145728:/2KXK+6tO1Ze01pJe0ynesrC6k5kr3sEOaiSa1rzMlbszvVCZYHAWkWx54:NB913fwefhkrcEOai5Z4OVsx

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Amcrest SurveillancePro-Win64_International_IS_V2.003.00AC001.0.R.230524.exe
    "C:\Users\Admin\AppData\Local\Temp\Amcrest SurveillancePro-Win64_International_IS_V2.003.00AC001.0.R.230524.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2960
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3404,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4532 /prefetch:8
    1⤵
      PID:1296

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\dll\MultiLanguage.dll
      Filesize

      1.1MB

      MD5

      e5deed5b2639f46a995fb2b86fea744c

      SHA1

      ed64c2fd09ae354150f987db483003898643db34

      SHA256

      39bb4e370a8adb24a140652982a64f582cf7e48c5b4fdb690bdb42a23c0f9056

      SHA512

      732f7b885cb9f41b300feba013a5c8f690c5431cd0e60b05bbceb05d680e55d5fee87fa91c1fe818470ea04e205013bcc8450c65a2b2637d49a1517516459663

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh1808.tmp\ButtonEvent.dll
      Filesize

      4KB

      MD5

      fad9d09fc0267e8513b8628e767b2604

      SHA1

      bea76a7621c07b30ed90bedef4d608a5b9e15300

      SHA256

      5d913c6be9c9e13801acc5d78b11d9f3cd42c1b3b3cad8272eb6e1bfb06730c2

      SHA512

      b39c5ea8aea0640f5a32a1fc03e8c8382a621c168980b3bc5e2897932878003b2b8ef75b3ad68149c35420d652143e2ef763b6a47d84ec73621017f0273e2805

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh1808.tmp\FindProcDLL.dll
      Filesize

      31KB

      MD5

      83cd62eab980e3d64c131799608c8371

      SHA1

      5b57a6842a154997e31fab573c5754b358f5dd1c

      SHA256

      a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294

      SHA512

      91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh1808.tmp\LangStr_en.ini
      Filesize

      4KB

      MD5

      423950126478aa9231bb3532aba19d19

      SHA1

      62168f9bddc7b2f4d49d7041d362d54a5a321fc6

      SHA256

      2d213278d4ae0232a718e69a5e10a4c8a97863117a731a94ef297e0e14a10499

      SHA512

      89ce162ba5164170db2c47fd35e26f96010f1f99577002c6a6ffcfed2e65e9d73b7527b5808b6b6ea05b43d37fcbe29b32aba392c915e89029a2699630918bd8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh1808.tmp\LangStr_es.ini
      Filesize

      4KB

      MD5

      b1129859f1469e35ce0101e2c14d6109

      SHA1

      39b6e347f0e7919c467c9b41f4f98486e8561122

      SHA256

      7f88c5d4f636989545484f67f16600a79ad62ab8873ec64d1145643e4fd245ec

      SHA512

      ebbe047405b80e56dbd877d7544aa99beef5b9a6433883b8df05558c6d2609d2bc19df14d362d605a01bce19be3cb0b5384ffcb4c5cc5c9f0ff68a17bfaa9af0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh1808.tmp\SkinBtn.dll
      Filesize

      4KB

      MD5

      e4ec95271ff1bcebab49bdfed6817a22

      SHA1

      2c03e97f4773aea80ecdb98a1482e5896fe4677b

      SHA256

      ee1c06692a757473737b0ebdef16f77b63afac864d0890022d905e4873737dd6

      SHA512

      771a527133806307a1b17b7e956d6a3c16e9bc675bf084b43204ae784a057dac2726dbf90645692876043a4e7365ba8825c167621fde4760c79cd84679e2aa3d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh1808.tmp\Slide 05.jpg
      Filesize

      4.7MB

      MD5

      fd1781e66c38e8e8e664566e22a07d73

      SHA1

      625daf223f856cfcf8417d96c0029e1a13b56d74

      SHA256

      a514dac7f7c033a8c5e8eecc74ec806bd7fcecd4d217d59f326bf5246aef981d

      SHA512

      7c65ffa0a0c6fe64d51e2c9e348e7fcd556cad3f2cdd0847ddcc6ece1e6951d1c33d9382ab79abb044fc056a3668ed59e355472e5c59d4551e60f9d81cf79f88

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh1808.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsh1808.tmp\licenseEN.rtf
      Filesize

      63KB

      MD5

      e6e36d4f5d374e08336bcc218e56df57

      SHA1

      9f9fdc1685832a8c183fcf7dce06d69c7cce68e8

      SHA256

      c4b8c123e131b50a3086cd7c65acc94b3b73be9859951ff3dffec2fe106165a4

      SHA512

      8c75437ba58a9a6c7bbef13b21df90d24ac15ac1f73daab6eae85df68eb6f5bb439132f24c69f63b6cca4c75b39e083aee0bfadbcc436d22e82cde70a592f83f

      Download Submit

    • memory/2960-161-0x0000000002F80000-0x0000000002F8B000-memory.dmp

      Filesize

      44KB

      Download