Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4bf4916a9b...18.exe

windows7-x64

7

4bf4916a9b...18.exe

windows10-2004-x64

7

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

OfferBoxSetupES.exe

windows7-x64

7

OfferBoxSetupES.exe

windows10-2004-x64

7

OfferBoxSetupFR.exe

windows7-x64

7

OfferBoxSetupFR.exe

windows10-2004-x64

7

OfferBoxSetupIT.exe

windows7-x64

7

OfferBoxSetupIT.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OfferBoxSetupIT.exe

  • Size

    173KB

  • MD5

    59d5ef582a3b3762a74c2c891bc270ed

  • SHA1

    6991f525215d3701ab8ff644bc00c1dce1ced991

  • SHA256

    44f69592e97ff286bb3b4d65727cd458aec6753db56590456efba70e147b1b88

  • SHA512

    52fade716741698cc505bf06d9878a43822ac6da7390e52119b45e0cb647a16f60a27d1b1437e390b4501d514bc4e1cf619c34209ee1d8125110de2cdf146f5a

  • SSDEEP

    3072:Ubr1YUfD6mJLqlHM9DgMyHmaaulyWhZ4i+yYOrCX1CtcgtUoZ0MwZDXIEtbU:UuPlHMiy4D+FWCX1y/Z0DHtbU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\OfferBoxSetupIT.exe
    "C:\Users\Admin\AppData\Local\Temp\OfferBoxSetupIT.exe"
    1⤵
    • Loads dropped DLL
    PID:232

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nscCCA7.tmp\NSISdl.dll
    Filesize

    14KB

    MD5

    a5b84d250794433db5a2d26f34699dd9

    SHA1

    bc06abccf6a4783973ec11b6766b43b4a265820c

    SHA256

    96f3357a024c549d7cb9e6447b1a56a2a8029b4f12e6e597428e68620761c5e0

    SHA512

    121d67f85a24096799ed913dccb64ef65d9479f98a6d88c2a0e05f05a65f460d557c5fdfe2c42a0a61b9cbaedd9b7031978111a2713250a89848ab4f3bb4ce84

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nscCCA7.tmp\NsisPluginOB.dll
    Filesize

    237KB

    MD5

    43b84e0d6777cd953e230363bdf8ec51

    SHA1

    7ebb88108ea6f0683bd3a69b2d3ff61264153da3

    SHA256

    99cd9e6f03a7b757928bb56d8a04484289ee2a9ae1bd15ceffb48b6f6db04378

    SHA512

    dcef7644fd569e896547bf422f056a756acb817b619c34f9bae125b15b689cb2355c1af685420805ae790e1e0c183ea518da7c95b33b88ff481ee60f4a3f4cbd

    Download Submit