Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3dRipperPro.exe

windows7-x64

1

3dRipperPro.exe

windows10-2004-x64

1

Bulk Downloader.exe

windows7-x64

1

Bulk Downloader.exe

windows10-2004-x64

1

Command Li...es.cmd

windows7-x64

1

Command Li...es.cmd

windows10-2004-x64

1

Data/3dripper.exe

windows7-x64

1

Data/3dripper.exe

windows10-2004-x64

1

Data/3dripper.exe

windows7-x64

1

Data/3dripper.exe

windows10-2004-x64

1

Data/DecryptTex.exe

windows7-x64

7

Data/DecryptTex.exe

windows10-2004-x64

7

Data/Noesi...is.exe

windows7-x64

3

Data/Noesi...is.exe

windows10-2004-x64

3

Data/Noesi...gl.dll

windows7-x64

3

Data/Noesi...gl.dll

windows10-2004-x64

3

Data/Noesi...is.dll

windows7-x64

3

Data/Noesi...is.dll

windows10-2004-x64

3

Data/Noesi...on.dll

windows7-x64

3

Data/Noesi...on.dll

windows10-2004-x64

3

Data/Noesi...bx.dll

windows7-x64

3

Data/Noesi...bx.dll

windows10-2004-x64

3

Data/Noesi...iew.py

windows7-x64

3

Data/Noesi...iew.py

windows10-2004-x64

3

Data/Noesi...sis.py

windows7-x64

3

Data/Noesi...sis.py

windows10-2004-x64

3

Data/cares.dll

windows7-x64

1

Data/cares.dll

windows10-2004-x64

1

Data/colla...mt.dll

windows7-x64

1

Data/colla...mt.dll

windows10-2004-x64

1

Data/gdal201.dll

windows7-x64

1

Data/gdal201.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    19/06/2024, 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Data/DecryptTex.exe

  • Size

    21.9MB

  • MD5

    d3b193a11118b4f16d23c7f751d4cbfb

  • SHA1

    012d625ffcb291ebdfce7be7009bb9232bc4099b

  • SHA256

    f255a15a18b6b9745ae74cf3d9689d6dcfbece4e3d01e9bb5eb3ed2854e21524

  • SHA512

    30d4d3ab03c0218c98a5f8bf723894fd7cb0484b81299ce697ee9ca0018bc685896f7354e9ced22dc41a087eb1eb35d74e0a90434fd4da20729e6dc8506c663f

  • SSDEEP

    393216:sPJscZFZs0InEroXHWe/ZODNoWruy3VU3o+qDPv2q9ANWW+N14S2qWqgAjlFw4qL:utZDmErUHWeGrugO4PXANWWftrAMV

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Data\DecryptTex.exe
    "C:\Users\Admin\AppData\Local\Temp\Data\DecryptTex.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Users\Admin\AppData\Local\Temp\Data\DecryptTex.exe
      "C:\Users\Admin\AppData\Local\Temp\Data\DecryptTex.exe"
      2⤵
      • Loads dropped DLL
      PID:236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI11202\api-ms-win-core-file-l2-1-0.dll
    Filesize

    11KB

    MD5

    721b60b85094851c06d572f0bd5d88cd

    SHA1

    4d0ee4d717aeb9c35da8621a545d3e2b9f19b4e7

    SHA256

    dac867476caa42ff8df8f5dfe869ffd56a18dadee17d47889afb69ed6519afbf

    SHA512

    430a91fcecde4c8cc4ac7eb9b4c6619243ab244ee88c34c9e93ca918e54bd42b08aca8ea4475d4c0f5fa95241e4aacb3206cbae863e92d15528c8e7c9f45601b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11202\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    14KB

    MD5

    1ed0b196ab58edb58fcf84e1739c63ce

    SHA1

    ac7d6c77629bdee1df7e380cc9559e09d51d75b7

    SHA256

    8664222823e122fca724620fd8b72187fc5336c737d891d3cef85f4f533b8de2

    SHA512

    e1fa7f14f39c97aaa3104f3e13098626b5f7cfd665ba52dcb2312a329639aaf5083a9177e4686d11c4213e28acc40e2c027988074b6cc13c5016d5c5e9ef897b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11202\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    11KB

    MD5

    7e8b61d27a9d04e28d4dae0bfa0902ed

    SHA1

    861a7b31022915f26fb49c79ac357c65782c9f4b

    SHA256

    1ef06c600c451e66e744b2ca356b7f4b7b88ba2f52ec7795858d21525848ac8c

    SHA512

    1c5b35026937b45beb76cb8d79334a306342c57a8e36cc15d633458582fc8f7d9ab70ace7a92144288c6c017f33ecfc20477a04432619b40a21c9cda8d249f6d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11202\python310.dll
    Filesize

    4.2MB

    MD5

    384349987b60775d6fc3a6d202c3e1bd

    SHA1

    701cb80c55f859ad4a31c53aa744a00d61e467e5

    SHA256

    f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

    SHA512

    6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_MEI11202\ucrtbase.dll
    Filesize

    1011KB

    MD5

    849959a003fa63c5a42ae87929fcd18b

    SHA1

    d1b80b3265e31a2b5d8d7da6183146bbd5fb791b

    SHA256

    6238cbfe9f57c142b75e153c399c478d492252fda8cb40ee539c2dcb0f2eb232

    SHA512

    64958dabdb94d21b59254c2f074db5d51e914ddbc8437452115dff369b0c134e50462c3fdbbc14b6fa809a6ee19ab2fb83d654061601cc175cddcb7d74778e09

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI11202\api-ms-win-core-file-l1-2-0.dll
    Filesize

    11KB

    MD5

    5a72a803df2b425d5aaff21f0f064011

    SHA1

    4b31963d981c07a7ab2a0d1a706067c539c55ec5

    SHA256

    629e52ba4e2dca91b10ef7729a1722888e01284eed7dda6030d0a1ec46c94086

    SHA512

    bf44997c405c2ba80100eb0f2ff7304938fc69e4d7ae3eac52b3c236c3188e80c9f18bda226b5f4fde0112320e74c198ad985f9ffd7cea99aca22980c39c7f69

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_MEI11202\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    11KB

    MD5

    91a2ae3c4eb79cf748e15a58108409ad

    SHA1

    d402b9df99723ea26a141bfc640d78eaf0b0111b

    SHA256

    b0eda99eabd32fefecc478fd9fe7439a3f646a864fdab4ec3c1f18574b5f8b34

    SHA512

    8527af610c1e2101b6f336a142b1a85ac9c19bb3af4ad4a245cfb6fd602dc185da0f7803358067099475102f3a8f10a834dc75b56d3e6ded2ed833c00ad217ed

    Download Submit