Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

xp-AntiSpy...se.exe

windows7-x64

7

xp-AntiSpy...se.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

xp-AntiSpy.chm

windows7-x64

1

xp-AntiSpy.chm

windows10-2004-x64

1

xp-AntiSpy.exe

windows7-x64

3

xp-AntiSpy.exe

windows10-2004-x64

3

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/08/2024, 00:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xp-AntiSpy_setup-simplified-chinese.exe

  • Size

    301KB

  • MD5

    c4060d4966fb91389ee0966334c3161a

  • SHA1

    3286fda7158a3a2e9e0251f0be25436919c945eb

  • SHA256

    c698e08514125abe6ae27f2a1db74a1e78dddb6983f0bd3fea19e6d5f1b1d8f7

  • SHA512

    14f13537b1a66c88d3f2ba02c8e16e60f8cc36a17a43d7c5053e472d9027c2dd513b194f8ee442135bf332a003f3090aca4b4e13bedee856c76ab963533def72

  • SSDEEP

    6144:Tr/3K7EY/bgErxDCT2ekezWWpqCp1YiUiJcruG:38E3yxDy2e2WJp12iJcruG

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\xp-AntiSpy_setup-simplified-chinese.exe
    "C:\Users\Admin\AppData\Local\Temp\xp-AntiSpy_setup-simplified-chinese.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:4260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsx73F8.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    b3ebe1cb6bdd529302c121dd4e2e0d00

    SHA1

    305f022e7e3ef0ae6cdc5f18bd6adc3032f64304

    SHA256

    5a1696f9892567b3339faf2bf4df5eb1d2d886c49807529028b65f0f493e79b2

    SHA512

    6f6ea4aec1588bb6f7ab4f8422942ac0acbddb8b916af2ead039b434bec6db4d0bf64deb3b8d6cc33666cabd70024a1208411ab6e0ee10bcf98c47951f8d359a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx73F8.tmp\ioSpecial.ini
    Filesize

    609B

    MD5

    c53c3521b7335f21a3f848e947f80908

    SHA1

    92d4ef2a285f1946009b10cbc54f4db0b7372d22

    SHA256

    7dd46b100b155b241ffacd48221be527396d0bb363c72b3c77f19ecad26bda99

    SHA512

    9ff3647fa47c7f288c3ea2bb76bcd4bc343b88510189f6bf57a5fc28711d926581a8edc2b03c1b1fde3c590ac1927ac58af2b4660f3003b50992d3553f6b0950

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsx73F8.tmp\ioSpecial.ini
    Filesize

    648B

    MD5

    f69de1b353fb882252a4eb87c1caf77a

    SHA1

    51329406ccee8e1ceba6ff1ce04697cc8a529975

    SHA256

    5f861174768b272486e941886c10029f5c4e9c494eeab988bb92e105901cae3b

    SHA512

    2473f1817c6c1ae3a22cc16ffe16f26005d62892d6e3b884ef1b5dbd414615958d04ece6464766f18572a19e612817f32e62a3fab336ca4affeaa73dacd7b2fb

    Download Submit