Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

3f88e738a3...0N.exe

windows7-x64

7

3f88e738a3...0N.exe

windows10-2004-x64

7

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$_2_/MiniQQDL.exe

windows7-x64

7

$_2_/MiniQQDL.exe

windows10-2004-x64

7

$_2_/Tenio...xy.dll

windows7-x64

1

$_2_/Tenio...xy.dll

windows10-2004-x64

1

$_2_/Tenio...DL.dll

windows7-x64

1

$_2_/Tenio...DL.dll

windows10-2004-x64

1

$_2_/Tenio...DL.exe

windows7-x64

7

$_2_/Tenio...DL.exe

windows10-2004-x64

7

$_2_/Tenio...80.dll

windows7-x64

1

$_2_/Tenio...80.dll

windows10-2004-x64

1

$_2_/Tenio...rt.exe

windows7-x64

1

$_2_/Tenio...rt.exe

windows10-2004-x64

1

$_2_/Tenio...80.dll

windows7-x64

1

$_2_/Tenio...80.dll

windows10-2004-x64

1

$_2_/Tenio...80.dll

windows7-x64

1

$_2_/Tenio...80.dll

windows10-2004-x64

1

$_2_/Tenio...pi.dll

windows7-x64

1

$_2_/Tenio...pi.dll

windows10-2004-x64

1

$_2_/Tenio...pp.dll

windows7-x64

1

$_2_/Tenio...pp.dll

windows10-2004-x64

1

$_2_/Tenio...re.dll

windows7-x64

3

$_2_/Tenio...re.dll

windows10-2004-x64

3

$_2_/Tenio...ta.dll

windows7-x64

3

$_2_/Tenio...ta.dll

windows10-2004-x64

3

$_2_/Tenio...tp.dll

windows7-x64

3

$_2_/Tenio...tp.dll

windows10-2004-x64

3

$_2_/atl80.dll

windows7-x64

1

$_2_/atl80.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    116s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/07/2024, 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $_2_/MiniQQDL.exe

  • Size

    201KB

  • MD5

    3063dcc85aaf2789dc05d64349b04f60

  • SHA1

    df0f098bb8d8f8fdc7794632a5f0746413cad50e

  • SHA256

    ff00cb35393d600040be9c3bd363890e13188a257114c07dfe1f6f06e5f0d6f1

  • SHA512

    7b9f56d348f420275a3788cf86fcb8ed5451a2c4b0961c51fa2144ad995c4ad66512ab34888065c8b1ac1b1c959183b86c0772e3c97507454a7a24beef2c9f32

  • SSDEEP

    3072:4It9PPcuohxF7qGFAgAQb++ygfN9EVaN0+t9VPuFbwiiOvLhIVqj:4kcL5qr0vKVaC+rPaciiOVQqj

Score
7/10
discovery

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Modifies registry class 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$_2_\MiniQQDL.exe
    "C:\Users\Admin\AppData\Local\Temp\$_2_\MiniQQDL.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3656
    • C:\Users\Admin\AppData\Local\Temp\$_2_\TenioDL\TenioDL.exe
      C:\Users\Admin\AppData\Local\Temp\$_2_\TenioDL\TenioDL.exe
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2244
      • C:\Windows\SysWOW64\icacls.exe
        "C:\Windows\System32\icacls.exe" C:\Users\Admin\AppData\Roaming\Tencent\Config\ /t /setintegritylevel low
        3⤵
        • Modifies file permissions
        PID:3232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Tencent\Config\p2p_common.ini
    Filesize

    94B

    MD5

    b21d22a689196f87ea526272e9d5a72d

    SHA1

    284d76fecc3cfb8a1949888a69db93a25ca2d838

    SHA256

    36c700b50063ba5fba8a51234163a94d3afca4c603028dc273098036334c7025

    SHA512

    060fab3aad8c86409440f6c859c8843dff1f3359865fca39af30a3145066066bd6b3258fb338245840e1bf89155be85fd71ef20cf185b616dfee4df59654e79c

    Download Submit

  • memory/2244-0-0x0000000002170000-0x00000000021DD000-memory.dmp

    Filesize

    436KB

    Download

  • memory/2244-3-0x0000000002B00000-0x0000000002B48000-memory.dmp

    Filesize

    288KB

    Download

  • memory/2244-4-0x0000000002DE0000-0x0000000002E06000-memory.dmp

    Filesize

    152KB

    Download

  • memory/2244-6-0x0000000003010000-0x000000000307E000-memory.dmp

    Filesize

    440KB

    Download