Item | Platform | Score
Overview | overview | 7
Static | static | 7
HotelMIS_special.exe | windows7-x64 | 7
HotelMIS_special.exe | windows10-2004-x64 | 7
$PLUGINSDI...ns.dll | windows7-x64 | 3
$PLUGINSDI...ns.dll | windows10-2004-x64 | 3
ConfigServer.exe | windows7-x64 | 1
ConfigServer.exe | windows10-2004-x64 | 1
GuiTk115.dll | windows7-x64 | 3
GuiTk115.dll | windows10-2004-x64 | 3
MFC71.dll | windows7-x64 | 1
MFC71.dll | windows10-2004-x64 | 1
help.doc | windows7-x64 | 4
help.doc | windows10-2004-x64 | 1
hotelMIS.exe | windows7-x64 | 1
hotelMIS.exe | windows10-2004-x64 | 1
libmySQL.dll | windows7-x64 | 3
libmySQL.dll | windows10-2004-x64 | 3
license.rtf | windows7-x64 | 4
license.rtf | windows10-2004-x64 | 1
msvcp71.dll | windows7-x64 | 3
msvcp71.dll | windows10-2004-x64 | 3
msvcr71.dll | windows7-x64 | 3
msvcr71.dll | windows10-2004-x64 | 3
mysqld.exe | windows7-x64 | 1
mysqld.exe | windows10-2004-x64 | 1
share/char...s.html | ubuntu-18.04-amd64 | 1
share/char...s.html | debian-9-armhf | 1
share/char...s.html | debian-9-mips | 1
share/char...s.html | debian-9-mipsel | 1
tmpl/ReportDay.xls | windows7-x64 | 1
tmpl/ReportDay.xls | windows10-2004-x64 | 1
tmpl/ReportSsy.xls | windows7-x64 | 1
tmpl/ReportSsy.xls | windows10-2004-x64 | 1
Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240705-en
- resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
- submitted: 23/07/2024, 10:21
Behavioral task | Sample | Resource
behavioral1 | HotelMIS_special.exe | win7-20240705-en
behavioral2 | HotelMIS_special.exe | win10v2004-20240709-en
behavioral3 | $PLUGINSDIR/InstallOptions.dll | win7-20240708-en
behavioral4 | $PLUGINSDIR/InstallOptions.dll | win10v2004-20240709-en
behavioral5 | ConfigServer.exe | win7-20240704-en
behavioral6 | ConfigServer.exe | win10v2004-20240704-en
behavioral7 | GuiTk115.dll | win7-20240704-en
behavioral8 | GuiTk115.dll | win10v2004-20240709-en
behavioral9 | MFC71.dll | win7-20240708-en
behavioral10 | MFC71.dll | win10v2004-20240709-en
behavioral11 | help.doc | win7-20240705-en
behavioral12 | help.doc | win10v2004-20240709-en
behavioral13 | hotelMIS.exe | win7-20240705-en
behavioral14 | hotelMIS.exe | win10v2004-20240709-en
behavioral15 | libmySQL.dll | win7-20240704-en
behavioral16 | libmySQL.dll | win10v2004-20240704-en
behavioral17 | license.rtf | win7-20240708-en
behavioral18 | license.rtf | win10v2004-20240709-en
behavioral19 | msvcp71.dll | win7-20240704-en
behavioral20 | msvcp71.dll | win10v2004-20240709-en
behavioral21 | msvcr71.dll | win7-20240704-en
behavioral22 | msvcr71.dll | win10v2004-20240709-en
behavioral23 | mysqld.exe | win7-20240708-en
behavioral24 | mysqld.exe | win10v2004-20240709-en
behavioral25 | share/charsets/languages.html | ubuntu1804-amd64-20240611-en
behavioral26 | share/charsets/languages.html | debian9-armhf-20240611-en
behavioral27 | share/charsets/languages.html | debian9-mipsbe-20240418-en
behavioral28 | share/charsets/languages.html | debian9-mipsel-20240418-en
behavioral29 | tmpl/ReportDay.xls | win7-20240708-en
behavioral30 | tmpl/ReportDay.xls | win10v2004-20240709-en
behavioral31 | tmpl/ReportSsy.xls | win7-20240708-en
behavioral32 | tmpl/ReportSsy.xls | win10v2004-20240709-en
General
-
Target
HotelMIS_special.exe
-
Size
4.4MB
-
MD5
28c496e7858fe08d033471188758ae05
-
SHA1
f9e2b499793571e63eeeda42fec5f35c29ac4d8e
-
SHA256
6a6205ae89cf59a35824fe19cf0b43f040bcf17aa38cbea4667483eda5371f88
-
SHA512
fa04faa33dedadd87846e907ae31f9b80d1fefd843373a9d1dce74ff33a1e9fb32c58f918dabfc718e80e5917122eed639a11971bb32e82fc81fae7871920c64
-
SSDEEP
98304:Au7/6DqskEQHVuiI6u01OwmjeDc470I7iL4rSkzF7HBVroZSfvfmMluFIcQE/SiG:z/6mRNVuiubKDICSk9/tjlR3
Malware Config
Signatures
- Loads dropped DLL (1 IoCs)
  pid 3012, process HotelMIS_special.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
  pid 3012, process HotelMIS_special.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads