Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

311d327646...ec.zip

windows10-1703-x64

1

HTCTL32.dll

windows10-1703-x64

3

NSM.lic

windows10-1703-x64

3

NSM.ini

windows10-1703-x64

1

PCICHEK.dll

windows10-1703-x64

1

PCICL32.dll

windows10-1703-x64

1

TCCTL32.dll

windows10-1703-x64

1

client32.exe

windows10-1703-x64

10

client32.ini

windows10-1703-x64

1

install/24...nifest

windows10-1703-x64

3

install/brand_config

windows10-1703-x64

1

install/br...st.xml

windows10-1703-x64

1

install/clidmgr.exe

windows10-1703-x64

1

install/in...e.json

windows10-1703-x64

3

install/manifest.json

windows10-1703-x64

3

install/pa...ge.cab

windows10-1703-x64

1

partner_config

windows10-1703-x64

1

resources/...ip.zip

windows10-1703-x64

1

resources/tablo

windows10-1703-x64

1

install/pr...ata.pb

windows10-1703-x64

3

msvcr100.dll

windows10-1703-x64

3

nskbfltr.inf

windows10-1703-x64

1

nsm_vpro.ini

windows10-1703-x64

1

pcicapi.dll

windows10-1703-x64

1

remcmdstub.exe

windows10-1703-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    138s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    20/06/2024, 22:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    install/install_state.json

  • Size

    1KB

  • MD5

    ee98e8f0fc597e544430d6a60b74a23d

  • SHA1

    6f40ecdc3157c76a6559b313c5218713a8d09035

  • SHA256

    9fc2b15d6983aa169846d72dcceea59824cba852fd9e295dd8fcadf0e9eb2292

  • SHA512

    0408a460be8997b12e9805fefbdccef78259f5d12b49950ce811b4999de46be86286195561e28f4deefa0705cad0fab3d82b0f40e8562335e8aff39516537438

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\install\install_state.json
    1⤵
    • Modifies registry class
    PID:2196
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3076

Network

  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    214.143.182.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    214.143.182.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    214.143.182.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    214.143.182.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.