Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
357113e6cab...0N.exe
windows7-x64
757113e6cab...0N.exe
windows10-2004-x64
7$APPDATA/H...xy.dll
windows7-x64
3$APPDATA/H...xy.dll
windows10-2004-x64
3$APPDATA/H...ep.exe
windows7-x64
1$APPDATA/H...ep.exe
windows10-2004-x64
1$APPDATA/H...b1.dll
windows7-x64
1$APPDATA/H...b1.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows10-2004-x64
3$PLUGINSDI...os.dll
windows7-x64
1$PLUGINSDI...os.dll
windows10-2004-x64
1$TEMP/HssI...er.exe
windows7-x64
1$TEMP/HssI...er.exe
windows10-2004-x64
1$TEMP/tapinstall.exe
windows7-x64
1$TEMP/tapinstall.exe
windows10-2004-x64
1HssWPR/Hss...er.exe
windows7-x64
1HssWPR/Hss...er.exe
windows10-2004-x64
1bin/HssInstaller.exe
windows7-x64
1bin/HssInstaller.exe
windows10-2004-x64
1bin/af_proxy.dll
windows7-x64
3bin/af_proxy.dll
windows10-2004-x64
3bin/af_proxy_cmd.exe
windows7-x64
1bin/af_proxy_cmd.exe
windows10-2004-x64
1Analysis
-
max time kernel
117s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
13/07/2024, 05:58
Static task
static1
Behavioral task
behavioral1
Sample
57113e6cabcb9b9683243e402ab09710N.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
57113e6cabcb9b9683243e402ab09710N.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$APPDATA/Hotspot Shield/report/af_proxy.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
$APPDATA/Hotspot Shield/report/af_proxy.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$APPDATA/Hotspot Shield/report/af_proxy_cmd_rep.exe
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$APPDATA/Hotspot Shield/report/af_proxy_cmd_rep.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
$APPDATA/Hotspot Shield/report/zlib1.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$APPDATA/Hotspot Shield/report/zlib1.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240705-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsisos.dll
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsisos.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
$TEMP/HssInstaller.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
$TEMP/HssInstaller.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
$TEMP/tapinstall.exe
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
$TEMP/tapinstall.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
HssWPR/HssInstaller.exe
Resource
win7-20240705-en
Behavioral task
behavioral26
Sample
HssWPR/HssInstaller.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
bin/HssInstaller.exe
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
bin/HssInstaller.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
bin/af_proxy.dll
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
bin/af_proxy.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral31
Sample
bin/af_proxy_cmd.exe
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
bin/af_proxy_cmd.exe
Resource
win10v2004-20240709-en
General
-
Target
$PLUGINSDIR/nsisos.dll
-
Size
5KB
-
MD5
b1e1f665d57874de41df72dda21bc6a9
-
SHA1
4898d7b41b48ef6350b0b6730805f201e52e4cb4
-
SHA256
0619ec35b9632b28d84e39343b6dbc5ef9732c85f1ca97c05aee744d22b7e930
-
SHA512
9f3a5fcab235d15d2f477ec335d08a490c889842c227aed49179dab4fc909221c66d9d6110b465da8a4a4b07cac07192e22b1fd62d96e2494baf510858ea004a
-
SSDEEP
48:StaC3KocZctyk+T69J+dFk6wO1mvu1A8ZkcG64wlfCSCAD7:ly3cZeyk+T6J+dFaVuA8ZQ6L5CtAD
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2080 wrote to memory of 1952 2080 rundll32.exe 30 PID 2080 wrote to memory of 1952 2080 rundll32.exe 30 PID 2080 wrote to memory of 1952 2080 rundll32.exe 30 PID 2080 wrote to memory of 1952 2080 rundll32.exe 30 PID 2080 wrote to memory of 1952 2080 rundll32.exe 30 PID 2080 wrote to memory of 1952 2080 rundll32.exe 30 PID 2080 wrote to memory of 1952 2080 rundll32.exe 30