Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

geode-inst...in.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Geode.dll

windows10-2004-x64

1

GeodeUninstaller.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

GeodeUpdater.exe

windows10-2004-x64

1

VC_redist.x64.exe

windows10-2004-x64

4

XInput1_4.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    207s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GeodeUninstaller.exe

  • Size

    158KB

  • MD5

    29b6d2990f9f399b5582c5939aba4eb0

  • SHA1

    c0666f6064780345d268ca68fe0e86e7418c0039

  • SHA256

    c9438abf8c9fd6f11a242925d444c03af72017d9f9339bf3bf521504abea6f6a

  • SHA512

    8814591817e30b15a2d7ea381e5a1614d196a965ad042ef5ef44c6b6e32153d8cb8d250b183575a4d185e13911d97028609df9f12e29ea5d9a316e78f837288e

  • SSDEEP

    3072:Qrv+LsMjvFsOTb98xQT+5U5qwqF3gIXKVxpW+SzdkVraG:UWLsKB0IqJ7gzSzmVT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GeodeUninstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\GeodeUninstaller.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nszD1B9.tmp\LangDLL.dll
    Filesize

    8KB

    MD5

    313661ec12ed5ce1fd0b3292bf02cb69

    SHA1

    fd341676cf680a9f0f690c35b43feadc0693e9a8

    SHA256

    2e08e077a0800ec39c0596f4dd91cbbfa917eeef2d75a00767917b8d1f6884ac

    SHA512

    a16f35c6019eb1431a3d03fb7d0935c272756f2a8363f541e168a55b2e20a85ee90191715c845ab0588eef8f2af6cf91ac75c5bf1a5d0c61c513339006da9ff2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~nsu1.tmp\Un.exe
    Filesize

    158KB

    MD5

    29b6d2990f9f399b5582c5939aba4eb0

    SHA1

    c0666f6064780345d268ca68fe0e86e7418c0039

    SHA256

    c9438abf8c9fd6f11a242925d444c03af72017d9f9339bf3bf521504abea6f6a

    SHA512

    8814591817e30b15a2d7ea381e5a1614d196a965ad042ef5ef44c6b6e32153d8cb8d250b183575a4d185e13911d97028609df9f12e29ea5d9a316e78f837288e

    Download Submit

  • memory/2044-5-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2812-12-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/2812-16-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download