
Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240704-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    10/08/2024, 04:19 UTC

General

  • Target

    ef289b99dc8b77779b5fede08992c71bbcf64e0e65d979f7eb68804a41f4d2bc.exe

  • Size

    98KB

  • MD5

    3dc037f09bc9f32a61a3d58630e503e2

  • SHA1

    07b1a41efb357d3a4253a8f323692dc4a6970d53

  • SHA256

    ef289b99dc8b77779b5fede08992c71bbcf64e0e65d979f7eb68804a41f4d2bc

  • SHA512

    17ade2f9c32a2d726f178eed8e90258e9f4959ceafe78d322720624f1a7816a9dbb20468260b54c7b298a851d88f3701958e9b4dcf71693b65b47b85658ac301

  • SSDEEP

    3072:XgXdZt9P6D3XJA45eqokQnn3UQwIAwP5kgU/um1:Xe34eFqo/n/bRkgpm1

Score
7/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects a file protected with the ACProtect packer (versions 1.3x to 1.4x).

  • Loads dropped DLL 10 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim machine in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ef289b99dc8b77779b5fede08992c71bbcf64e0e65d979f7eb68804a41f4d2bc.exe
    "C:\Users\Admin\AppData\Local\Temp\ef289b99dc8b77779b5fede08992c71bbcf64e0e65d979f7eb68804a41f4d2bc.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2552

Network

  • DNS (resolver 8.8.8.8:53, geolocated US)
    Process: ef289b99dc8b77779b5fede08992c71bbcf64e0e65d979f7eb68804a41f4d2bc.exe
    Request: download.software112.com IN A
    Response: (empty)
  • DNS (resolver 8.8.8.8:53, geolocated US)
    Process: ef289b99dc8b77779b5fede08992c71bbcf64e0e65d979f7eb68804a41f4d2bc.exe
    Request: pf.software112.com IN A
    Response: (empty)

  Connections

  Remote address | Domain | Protocol | Process | Sent | Received | Packets out | Packets in
  8.8.8.8:53 | download.software112.com | dns | ef289b99dc8b77779b5fede08992c71bbcf64e0e65d979f7eb68804a41f4d2bc.exe | 70 B | 150 B | 1 | 1
  8.8.8.8:53 | pf.software112.com | dns | ef289b99dc8b77779b5fede08992c71bbcf64e0e65d979f7eb68804a41f4d2bc.exe | 64 B | 144 B | 1 | 1

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsz4970.tmp\splash.gif

    Filesize

    10KB

    MD5

    0e5e3f52f11092dac9189f64ca4dc1b7

    SHA1

    86f53ca07e7d9ef2273b128298c29ec29dd2d353

    SHA256

    e32776874b31a5cf9bd03c91c4f79ba44ff365a7d55ff438eaaf94323c032a0a

    SHA512

    48e0506e63f75ac41b9ed87b57494c7d519a87f3d59d3c398d52254476b06f90b492f654da098682e1d0551660b73d993cb8d66fa3b7c1103e539dc07711a0d1

  • \Users\Admin\AppData\Local\Temp\nsz4970.tmp\NSISArray.dll

    Filesize

    19KB

    MD5

    14b848866035dea39b912da628307231

    SHA1

    d00c8963aee8038d8a22f098cef69b31007196e5

    SHA256

    6a129a9eefae85a9412e889e0c74fdaa21d20254fa13cacef5429885775017dc

    SHA512

    4538058426c742bf7d823d1cac5303eeff8bf0b524459262181ac79695eead705e7590ae63ce996b8e3afd9a6c8d1fec503f9a11772ebe5c5c4e01930ed97b16

  • \Users\Admin\AppData\Local\Temp\nsz4970.tmp\NSISdl.dll

    Filesize

    14KB

    MD5

    a5f8399a743ab7f9c88c645c35b1ebb5

    SHA1

    168f3c158913b0367bf79fa413357fbe97018191

    SHA256

    dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

    SHA512

    824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

  • \Users\Admin\AppData\Local\Temp\nsz4970.tmp\System.dll

    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

  • \Users\Admin\AppData\Local\Temp\nsz4970.tmp\newadvsplash.dll

    Filesize

    8KB

    MD5

    7ee14dff57fb6e6c644b318d16768f4c

    SHA1

    9a5d5b31ab56ab01e9b0bd76c51b8b4605a8ccce

    SHA256

    53377d0710f551182edbab4150935425948535d11b92bf08a1c2dcf989723bd7

    SHA512

    0565ff2bdbdf044c5f90bd45475d478b48cdbd5e19569976291b1bdd703e61355410c65f29f2c9213faf56251beb16d342c8625288dad6afc670717b9636d51f

  • \Users\Admin\AppData\Local\Temp\nsz4970.tmp\version.dll

    Filesize

    6KB

    MD5

    ebc5bb904cdac1c67ada3fa733229966

    SHA1

    3c6abfa0ddef7f3289f38326077a5041389b15d2

    SHA256

    3eba921ef649b71f98d9378dee8105b38d2464c9ccde37a694e4a0cd77d22a75

    SHA512

    fa71afcc166093fbd076a84f10d055f5a686618711d053ab60d8bd060e78cb2fdc15fa35f363822c9913413251c718d01ddd6432ab128816d98f9aabf5612c9f

  • memory/2552-49-0x0000000002340000-0x000000000234C000-memory.dmp

    Filesize

    48KB
