Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

46e8b747b9...18.exe

windows7-x64

7

46e8b747b9...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

SPACE.exe

windows7-x64

1

SPACE.exe

windows10-2004-x64

1

SPACE.exe

windows7-x64

1

SPACE.exe

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 18:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe

  • Size

    69KB

  • MD5

    8ddeb34848577f9853bedbec4924e114

  • SHA1

    c31e26ed9956a47ad081213ead5c22967ad5ce2a

  • SHA256

    3499f8698c2e87c723b27ee94c8488c2e0d204409223d4a58b660c29cb596bd5

  • SHA512

    b3d8e8a7ef7e90e4c81fb3f2d445eeae16e8aae0868161fd7b0a73afcaed2f6cdcd389584f7014e05d06dcb20119e3b5f683a4e22bc3c590d24c1b1b15744340

  • SSDEEP

    1536:QyZMSZFvknTePMZd4k4kJJkYRN6QcIAqbu31zQ1x:fZMJnTeM4cJJkqvu3tQT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2644
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.hao6.com/?xz
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2800
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2580

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85f28404ea78c0eb4882c2451d9056e3

    SHA1

    bd2f766dd62504f4c47ba25d4a2cc790d0fccd9a

    SHA256

    4c34bb51172892f7f215ce8ee496a8ce88d73905a3a82402c4088fb341748658

    SHA512

    0f628b623f5180d747059776a76f4d0015ec1e47e1cff1303c3ff6a33abede84aae582b6a7900e6fbe594e51eb110b8109cad0dfacb1779d3ca7d08b22097aba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02e13e33deaef4552f236d30b5b45e16

    SHA1

    3c47718beeaedf592d87de1e26dfc9d35d8c3503

    SHA256

    43d4c875e8af553d13889afe1f41b4bea37d9f5d8fc58a17ad47e7b83c507b63

    SHA512

    8f8cb0d09d851334a28b30fe0a1499aaf258457fc7dc2499bde006039be88c8a8e95664cee8f15769af23a71734e8b046cc029f67043ad990ac284dc948b5a38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    478bb7b7199916014f8d9a6b67865db2

    SHA1

    cd3389c01736861c1f2e7ba2973bc8e393381912

    SHA256

    ee8692051f5c097617f0111e63075ad641d77a707bec6a1a1f4c2349fd5f8a4e

    SHA512

    0bed8c0a532a188642e58a4f01cfcf204cc308a6a3a385e70f3edc31b49490606d824ad15e59731f5c37927dac4b066cd81d8565d805b106d47b750e0411e3ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34c461257daf5a647205943d3c0ee828

    SHA1

    c32c57e5dea820551c019f7ad41de4d7de16d86d

    SHA256

    bbf0768b9b31abacd8c9d78ac0c029caf74a046b78d1f9e01af9dc2b759e4249

    SHA512

    f3a6acd9d2f8afa89aae2ceeacae166cfb9c25ccad5eb4908b11ca9807077ef7fe7b23e3200322d7b742ddf79b0608e23508cbe928d0f3632062fbde0ce06c1c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34240a40d545598782e8fbe4ca0209c2

    SHA1

    ad35c6df8521df029b1c914a1d1c38eec194122d

    SHA256

    2c0a1d4a1027c4800f9c09597d210edacb49ff583b931a8141bb90d75c70d7b7

    SHA512

    347c7a9cf2c83c72cbbbc5854a2e234e5ab29e1f7f04a2e0e8b5556e10a6dfe00d5242261d5d8d00f509772e0480d3fba0bc49a57928baa97002f2e942fb4b24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f050ae3a7d5620c856982e2d22e753c8

    SHA1

    2adea36abbf72d0af115d8a8e0275447213b685c

    SHA256

    887020ba09a08ead8caabf57dcc2b89af8b90a6a333a641b87ebbdaf351fb5f6

    SHA512

    7ca7723166a391418bdfaefce9b3ceed1262a534ca01af1bbec9aad484587afd4e916ea17f8c4badfba4c411df48b230f6f98a2770a166c624f222bd9d47ace4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e16b330c1ee539090bca3d29c852043

    SHA1

    a5742a6bb2d7b80fa19bf79fdf0524df12cc11aa

    SHA256

    b0d7966add7df494fbc91360ded61ddf5970a328b2371e28d356b50fc34d80b2

    SHA512

    562110fed094929dbc36c2e85a39c81b4bfd456aa63e09b5a8e150119bdeb4da1e31406741b30036e97746a90c9a4b44acbb11aab42c8ddeeebf62c708c402dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ced1590f0732fca3b472d25d05e139dc

    SHA1

    7d59d59f220389f940cf2c15a748319372079c52

    SHA256

    859de50a8a11e2ad5d44d2230752d8b47b667bf521f9acfc6a604d62cd2c468f

    SHA512

    3a49de22c3a962d4297340f90c8cc9dacf7e5dec5e3c7391b8a47a74c9254927bd952e78fc0adcff0e3d7bb32eb957bf1acb5de41e440f31b50a3603433df9e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c09bc039f2a87822ab2ba036bb53e4c

    SHA1

    e5ed957e5f05671c6707edce319afa86d8d59317

    SHA256

    25d01011e4cb5783b25a59598d92e80c971f9f26ddb0d45662d8a226a70153e3

    SHA512

    a9776a99993d5bf505424cab76a1588161a6ab6566def550ed40e49f257fefa38a172f431ac61d7a519671ab50a7594ac8e6a8808f460d2de5cc1ddc2bc4323c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bc14b978d7fa97e12507a6365a0f9a3

    SHA1

    c5d2da5b469b6d57b7601042957a5f9210e75926

    SHA256

    c1e59d4e7a890c7fd4e67ace7e6f13ffb805a2e112892d142562f09c034d5c7d

    SHA512

    2b9b0f63d70c70bb74d30d3b9a34d3c56cc29cdaf6ddee830371a2413407ce71c065555356a1d229fe9cf9d3ed671f46022623ae747549f4f5230b1e381dedb3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77135cb47601410da976e54f9a15ddfa

    SHA1

    541eef514cdc90f36b7297422f1986f60c04294b

    SHA256

    8942cba36f038e25a48d7e52c69dddd689842a09d1d4f42c2a8880868845c784

    SHA512

    7c49d99b6a22cea31e7cfd143cea72b27dcc5ce6b19099a83146a784d1d753a0644e6cae3622780c3ebaf3890803081a3f618222f94dfcdac3155de53a150339

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4dc01097be30c9b0f5fb8217458dbf6d

    SHA1

    4338f1869f8389923e1e0d43ca849711fd09b76a

    SHA256

    7756975e4f71bca9adf8e08c60b26060239bd218450ca49411e18b7ac9acba56

    SHA512

    59b82c65c2962844998a5ffaaa64d3d1085243edeaf529fbf7bb476b31fa1afd58afc76e794096b72f15a1dd7adb418ff206479e62ed3cb86a73c34a23b18a77

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad99262e5dd6d2a81e294ad8bbca857b

    SHA1

    dee9c582c74c8db24a7b3c684fdcf63397de87af

    SHA256

    37c36f9ad147eff84f4d544684630c3ebc2a9d6b21f7ed39df8f4eb5c78616ab

    SHA512

    7abb29e7bd60dbf5dd756a26adf6b7d89a3efebeac112ceb8a39479940fb1d967d8aa87f40ec7d0fb42f3da5ffbf6262b4f99d16bf00b4e20cd198a7f71e602c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bb323f6cdbf204a561a086540986d92

    SHA1

    b50c993035a0a9566aa366c3d41eb4fcffd0fbe7

    SHA256

    83d6ad472be550f4f361e6ebf0ea417e9ec165c18f970ae19fe6c3490dca4fac

    SHA512

    2310aab55bf0c20755d5a9183e11910d2982c7cd44bcb9e7dca979dbc8867af96688eba14a8121f6860fa7cff301d9a7875b49be9c95900683f6dc8842161371

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9378bbf51119f2000cf8b410e71fa0f

    SHA1

    ad058e148df991d54b4a4bdd16a06df24ed21534

    SHA256

    61f310e3550732277a6bb7c794054bd94b75053d24b10bd6368955b79f508604

    SHA512

    d564b827a3730e4a199daffca0340c46b79f8871beea6342dc409f784061bcff8733072c258737418d6e66f74fdd0385d6882d8518ec81c22030e33a83f9fb94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24d8249b34b01890b63585ef08eb7c72

    SHA1

    6cc5bd1dd688a530d03aa7548e5746bbd07cdeb6

    SHA256

    883d720f9fc8eb130c018da526cc919387d641f3b9d851dd3cae830eca2f8117

    SHA512

    34ca94211a0ffaf346580c1c5c1aa9dd3929a84817f849888b9244d557c22aa17ea4bd1e4e4cd9cf4ad57a462df470851fd906b026722e7ed73ea4d643b67289

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cf8b817d101f5b8f740ef5d8a3f5bb98

    SHA1

    6610945d4ba7f8fe52b107128b973d2b4ead9add

    SHA256

    c14bef28fdca4212739180e828070d057e7fa03e89dcf52b270272246cf1ea0e

    SHA512

    9f09aca766e9bf9da5a9ea6caf287070acb9bf4b580267bec7dfdf3b06a3feb0ff93792028c13ff561ca2916cf335c0ee2a95639481795f31954a5b37a193833

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e696497f49ab9f2033d8bb190a014d8

    SHA1

    28ce41675e984dede07db184467ad447cc5a8b3a

    SHA256

    84c4b8c349dce8356c03bda555af43e0beb8c5807b76cfae78875a3db37128d1

    SHA512

    2860951877db4239e59ce32111f1d5728a5ce12ee479fcd0cf1218bca6cf5136a3da0a317543f2b77a3fb25c4c67d7b5dd8cc6e0229bef9934c14cccd8c526eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a783c317dbee0da2ccfaaf07fc908760

    SHA1

    dc4dc62a00a947972b8b440311327015bbc7b6fb

    SHA256

    c4196ef441f58ab5d8c004979a45af218ac078b2d80d5c57a1c236cb7b027fc3

    SHA512

    d41395d0dcdcb9aeb572548e63b28ed176649e3acd2d4918c4a724f423e3d564d18b3ccf509394d8e3f84effe66d5af224304647c89ade2042cab8bbfe749783

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE3FB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE49B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    69KB

    MD5

    8ddeb34848577f9853bedbec4924e114

    SHA1

    c31e26ed9956a47ad081213ead5c22967ad5ce2a

    SHA256

    3499f8698c2e87c723b27ee94c8488c2e0d204409223d4a58b660c29cb596bd5

    SHA512

    b3d8e8a7ef7e90e4c81fb3f2d445eeae16e8aae0868161fd7b0a73afcaed2f6cdcd389584f7014e05d06dcb20119e3b5f683a4e22bc3c590d24c1b1b15744340

    Download Submit