Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

WeChatSetup.exe

windows7-x64

4

WeChatSetup.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

4

Uninstall.exe

windows10-2004-x64

4

WeChat.exe

windows7-x64

9

WeChat.exe

windows10-2004-x64

9

WechatAppLauncher.exe

windows7-x64

1

WechatAppLauncher.exe

windows10-2004-x64

1

[3.9.11.19...dk.dll

windows7-x64

1

[3.9.11.19...dk.dll

windows10-2004-x64

1

[3.9.11.19...ll.exe

windows7-x64

4

[3.9.11.19...ll.exe

windows10-2004-x64

4

[3.9.11.19...ne.dll

windows7-x64

1

[3.9.11.19...ne.dll

windows10-2004-x64

1

[3.9.11.19...at.exe

windows7-x64

9

[3.9.11.19...at.exe

windows10-2004-x64

9

[3.9.11.19...xt.exe

windows7-x64

1

[3.9.11.19...xt.exe

windows10-2004-x64

3

[3.9.11.19...ce.dll

windows7-x64

1

[3.9.11.19...ce.dll

windows10-2004-x64

1

[3.9.11.19...pt.exe

windows7-x64

3

[3.9.11.19...pt.exe

windows10-2004-x64

3

[3.9.11.19...te.exe

windows7-x64

3

[3.9.11.19...te.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 05:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [3.9.11.19]/Uninstall.exe

  • Size

    1.7MB

  • MD5

    a83eca93a0dde026ee845a76b08faafa

  • SHA1

    2eb951e88272b326e48ecc91d88a5423a6233fae

  • SHA256

    f2b2cb78ef1fd7e90bd45ef2a175583ee3c49380748c08e770be52931915ad18

  • SHA512

    f3edb0db98c17c6d6fb6a9676fb3ca8a5f97cad4495b5054d40c0cc7075e8439c1b8f12d7226bb885a638d6be255d7cc5fc2e6e5e4b14751d3efea1fd2027e88

  • SSDEEP

    24576:PGTJPUbMP326XBoBBYHsIfDczcu5IOQ6LbitlK3cBD5Mm1cBJkkMG5pOVUWjPSdu:8I2G0oWMIoVljGG3aqmQkk9OOp8

Score
4/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\[3.9.11.19]\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\[3.9.11.19]\Uninstall.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\[3.9.11.19]\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:2372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nse406C.tmp\FindProcDLL.dll
    Filesize

    492KB

    MD5

    633625aa3be670a515fa87ff3a566d90

    SHA1

    de035c083125aef5df0a55c153ef6cc4dd4c15b4

    SHA256

    bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

    SHA512

    3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nse406C.tmp\System.dll
    Filesize

    11KB

    MD5

    ca332bb753b0775d5e806e236ddcec55

    SHA1

    f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

    SHA256

    df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

    SHA512

    2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nse406C.tmp\WeChatInstallDll.dll
    Filesize

    3.6MB

    MD5

    91153d3fc0b835b072aeebc4d8837faf

    SHA1

    1e1e524be7c69077229973e385c447d9692ad937

    SHA256

    a7971bce47584535e9033f9d72d8f6f386c7d8deef3b93e11de50cf9574f7413

    SHA512

    2b49c6d701cc6f0d25a81258dcec2159ab3ea30389d18aadcc486c540f5daf6adedf998def1bf5c5fb4a5712755dbca710387c862a89138b23ec081682e835ec

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    1.7MB

    MD5

    a83eca93a0dde026ee845a76b08faafa

    SHA1

    2eb951e88272b326e48ecc91d88a5423a6233fae

    SHA256

    f2b2cb78ef1fd7e90bd45ef2a175583ee3c49380748c08e770be52931915ad18

    SHA512

    f3edb0db98c17c6d6fb6a9676fb3ca8a5f97cad4495b5054d40c0cc7075e8439c1b8f12d7226bb885a638d6be255d7cc5fc2e6e5e4b14751d3efea1fd2027e88

    Download Submit

  • memory/2372-26-0x0000000006FC0000-0x000000000706B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2372-39-0x0000000006FC0000-0x000000000706B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2372-46-0x0000000006FC0000-0x000000000706B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2372-53-0x0000000006FC0000-0x000000000706B000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2372-66-0x0000000006FC0000-0x000000000706B000-memory.dmp

    Filesize

    684KB

    Download