Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1775982923...18.exe

windows7-x64

7

1775982923...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Lang/__init__.py

windows7-x64

3

Lang/__init__.py

windows10-2004-x64

3

Lang/__init__.pyc

windows7-x64

3

Lang/__init__.pyc

windows10-2004-x64

3

Lang/lang.py

windows7-x64

3

Lang/lang.py

windows10-2004-x64

3

Lang/lang.pyc

windows7-x64

3

Lang/lang.pyc

windows10-2004-x64

3

MSVCR71.dll

windows7-x64

3

MSVCR71.dll

windows10-2004-x64

3

MyTorrentD...er.exe

windows7-x64

1

MyTorrentD...er.exe

windows10-2004-x64

1

MyTorrentD...er.url

windows7-x64

6

MyTorrentD...er.url

windows10-2004-x64

3

Uninst.exe

windows7-x64

7

Uninst.exe

windows10-2004-x64

7

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

_controls_.dll

windows7-x64

1

_controls_.dll

windows10-2004-x64

1

_core_.dll

windows7-x64

1

_core_.dll

windows10-2004-x64

1

_gdi_.dll

windows7-x64

1

_gdi_.dll

windows10-2004-x64

1

_hashlib.dll

windows7-x64

1

_hashlib.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninst.exe

  • Size

    64KB

  • MD5

    a1e93c9da52a01233f8459b155085f71

  • SHA1

    f86ec9d4d33f4be172d8d7508476b5e5dcad2dee

  • SHA256

    5c50613ff2f0bdfda5c829eca69717fc5b9ac7a77dd1bbaa5d46c6ac13820046

  • SHA512

    9906f18a92d59dda40391fc541b3745f025d299be3ae8798cee18633664c2b5c79539b29ce5014904dc96898e115e7335aaa20bdb15e95a5656a0d64c91e72cc

  • SSDEEP

    1536:tLXB65939tY6HBg4sXJ0d7EE/1s2SXiMl5Dovxj+h3:tLk395hYXJGEE9s2giM0vxj+h3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninst.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4344
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:804

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsu38F3.tmp\Processes.dll
    Filesize

    35KB

    MD5

    2cfba79d485cf441c646dd40d82490fc

    SHA1

    83e51ac1115a50986ed456bd18729653018b9619

    SHA256

    86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7

    SHA512

    cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    64KB

    MD5

    a1e93c9da52a01233f8459b155085f71

    SHA1

    f86ec9d4d33f4be172d8d7508476b5e5dcad2dee

    SHA256

    5c50613ff2f0bdfda5c829eca69717fc5b9ac7a77dd1bbaa5d46c6ac13820046

    SHA512

    9906f18a92d59dda40391fc541b3745f025d299be3ae8798cee18633664c2b5c79539b29ce5014904dc96898e115e7335aaa20bdb15e95a5656a0d64c91e72cc

    Download Submit