Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

02b8abad47...18.exe

windows7-x64

7

02b8abad47...18.exe

windows10-2004-x64

7

$0/uninstall.exe

windows7-x64

7

$0/uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$0/zwankysearch.dll

windows7-x64

1

$0/zwankysearch.dll

windows10-2004-x64

1

$0/zwankysearch.exe

windows7-x64

1

$0/zwankysearch.exe

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 04:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $0/uninstall.exe

  • Size

    83KB

  • MD5

    26d12a09fd0b7b3e32e93355a3a110af

  • SHA1

    1e1e8772d579ae03fd6f35a7b95fe6fd384cf5a1

  • SHA256

    82a1fe8e22e3e3ccb149d5bdcc8cbfec18d89dd9277b909e725faed309165487

  • SHA512

    524df1ec0ad2980236601fa1abfd30451f4d3eac681ad50d12ad9b981f5c75ff7b0dab0541ad269edb5e4e653088635acb1522f1c2d8bd0816db0be11901aa56

  • SSDEEP

    1536:WEkjY1zy214Qay0DGkJ7qAELVigJ83ZKRcpw/1q792sX7Ia12/DCJ:9kjAJ4dDGkJ+AI0vcuo1qRka0/s

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 1 IoCs
    installer
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$0\uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\$0\uninstall.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:836
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$0\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nso70ED.tmp\ioSpecial.ini
    Filesize

    619B

    MD5

    fd986d18e8dad0ea0a44efe715ef37e0

    SHA1

    8e9862f9340ae21542ed10edccb748353323d830

    SHA256

    8b1cc4ab7207249c4d5d7db9de067a1331a997e01ccfdc9cdea7f61ef49140fc

    SHA512

    ba55273f371bf5c034c0d40a6d8376454cd7a16660e29b1bba7571399303ff52620f3e834621d15588926343de89c902b625777137d25a7e0c9bfe844d67159c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nso70ED.tmp\ioSpecial.ini
    Filesize

    632B

    MD5

    4607fae1a93483c558d1b37056096659

    SHA1

    3d6bbbbfd30e0c915c76944b845319d0d66f4c12

    SHA256

    100023f9b9082fbcd6110c0c11c3f83e0df0aa41d4a2b98c3925be3e1a281d17

    SHA512

    14d05d2921e5e68b6fb88f0ffdb281bd4c0f7c96d757d3fc5692ff058e60fc2a379a5f801830db363c018e8a21b6ed5870a836e7e63ac4cc44531280bd568d48

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso70ED.tmp\InstallOptions.dll
    Filesize

    13KB

    MD5

    d765c492c21689e3d9d61634371fd861

    SHA1

    ac200933671ae52c9d5544d0e2e8e9144d286c83

    SHA256

    551e6042dd494ea01549555ffc194ab9729da09058ec714eb368dd06642c9bbc

    SHA512

    9919a9e848c8f1e26c75d0d29207571e4b86a4140bd554743d2c1f8bd7f386fe4919345b163d89a5d907fb165e435ba0ac5f6b1101713636141f156a420e2e0f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nso70ED.tmp\System.dll
    Filesize

    10KB

    MD5

    fe24766ba314f620d57d0cf7339103c0

    SHA1

    8641545f03f03ff07485d6ec4d7b41cbb898c269

    SHA256

    802ef71440f662f456bed6283a5ff78066af016897fe6bfd29cac6edc2967bbd

    SHA512

    60d36959895cebf29c4e7713e6d414980139c7aa4ed1c8c96fefb672c1263af0ce909fb409534355895649c0e8056635112efb0da2ba05694446aec2ca77e2e3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    83KB

    MD5

    26d12a09fd0b7b3e32e93355a3a110af

    SHA1

    1e1e8772d579ae03fd6f35a7b95fe6fd384cf5a1

    SHA256

    82a1fe8e22e3e3ccb149d5bdcc8cbfec18d89dd9277b909e725faed309165487

    SHA512

    524df1ec0ad2980236601fa1abfd30451f4d3eac681ad50d12ad9b981f5c75ff7b0dab0541ad269edb5e4e653088635acb1522f1c2d8bd0816db0be11901aa56

    Download Submit