Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

251fd694cd...18.exe

windows7-x64

7

251fd694cd...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...le.exe

windows7-x64

3

$PLUGINSDI...le.exe

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

yourface.exe

windows7-x64

7

yourface.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

MainInstaller.exe

windows7-x64

7

MainInstaller.exe

windows10-2004-x64

7

PingMe.exe

windows7-x64

1

PingMe.exe

windows10-2004-x64

1

Setup.exe

windows7-x64

7

Setup.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...oc.dll

windows7-x64

7

$PLUGINSDI...oc.dll

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

2YourFace_Util.dll

windows7-x64

3

2YourFace_Util.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2024, 07:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    505KB

  • MD5

    5d8d0c08384ad73216d52a2eabc064f5

  • SHA1

    0fa5c77fd6b6323b926c9648679e063d1bbc8bcc

  • SHA256

    30522715240f4a05859099ac370dfb516097ab257402981c6a9ad31951f36cce

  • SHA512

    42a3003019e39622082506c7ae50d8a27e2920fdfdf15eb9a8dbf7f1dbd49a02cd0390dabd74c136ed44e9d8ba270540ce9390f31aa84c2fc9fdfcc9e912dd57

  • SSDEEP

    12288:6xPm2P17YJbq9VXMLVS+n78L6OdBRdrrf3xr5Uw1jcZQM7gMyZQU:6Jh17YYVV+YGsBH3xr5Uw1jcZQM71yZX

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1996

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nst29C0.tmp\ioSpecial.ini
    Filesize

    707B

    MD5

    cefb94523deca168950537cab5ad0b88

    SHA1

    4b723b6d9914d82cdfa890f69c5e7af38012c21c

    SHA256

    e5a5000f06c815d9c199e63e51176c30f66377d1aed316d4a5db6e02c3f72a98

    SHA512

    597fd2d7fa4b1ba6a9dae22d57ebe1f1304af533c902e54c948e7c86b89c1c06e09aa08c21b885cd77a22bce4b959ddf28a1179b8a97a01d5f85c92446342bbe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nst29C0.tmp\ioSpecial.ini
    Filesize

    694B

    MD5

    bafd7fd658f439874eccc7b04e3d5d10

    SHA1

    93643668697e15142e739cc0b3fce47fe6e7ff00

    SHA256

    0cc02e9dd1b88b41a9b4690575bdf64ccb08d4a9dc75296e7dc7d7d72614be5b

    SHA512

    d22d6d28568d798c2bbed570ec631aad9331e682417db1d60a799707c27718bd8b6e5fda2e18d19c3148b9f80c09107245fe0c8a8e3b065f4747b9b0378270f1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst29C0.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit