Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

AUU.exe

windows7-x64

AUU.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    01/09/2024, 18:54

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    AUU.exe

  • Size

    15.2MB

  • MD5

    68d0f08ce7022a9efc6040811e210a87

  • SHA1

    4cf6b6b407c1e38ea7d7513a71c7e0838f8cc41c

  • SHA256

    1dc42a5492beb9f421d61c16adb4e859c8f34b43fc4d3e7e122d8ede40be4972

  • SHA512

    7db67192313c47f7400914905c475978d8ca9e3190ebe0477af6327f72352b7217b24c1bb097a2680a5e6eb21cbabaa40bd2873624467f10460695d37cafd056

  • SSDEEP

    393216:LSIgLFKv6KD8INvH/IiD+J7js83uN0EWXHIcNC:LSIgRvKDTpHzDi7Q8+aEcIcs

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AUU.exe
    "C:\Users\Admin\AppData\Local\Temp\AUU.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:484
    • C:\Users\Admin\AppData\Local\Temp\AUU.exe
      "C:\Users\Admin\AppData\Local\Temp\AUU.exe"
      2⤵
      • Loads dropped DLL
      PID:1720
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1056
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1332

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-file-l1-2-0.dll
        Filesize

        18KB

        MD5

        19df2b0f78dc3d8c470e836bae85e1ff

        SHA1

        03f2b5b848a51ee52980bf8595c559b89865de07

        SHA256

        bd9e07bbc62ce82dbc30c23069a17fbfa17f1c26a9c19e50fe754d494e6cd0b1

        SHA512

        c1c2b97f484e640bfdda17f7ed604d0583c3d4eaf21abf35491ccedc37fa4866480b59a692776687e5fda3eaeafb4c7bdb34dec91f996fd377a328a89c8d5724

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-file-l2-1-0.dll
        Filesize

        18KB

        MD5

        adb3471f89e47cd93b6854d629906809

        SHA1

        2cfc0c379fd7f23db64d15bdff2925778ff65188

        SHA256

        355633a84db0816ab6a340a086fb41c65854c313bd08d427a17389c42a1e5b69

        SHA512

        f53e11aa35911d226b676d454e873d0e84c189dd1caea8a0fe54d738933cd6b139eca48630f37f5979ef898950d99f3277cba6c7a697103f505d876bea62818c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-processthreads-l1-1-1.dll
        Filesize

        18KB

        MD5

        247061d7c5542286aeddade76897f404

        SHA1

        7285f85440b6eff8731943b73502f58ae40e95a2

        SHA256

        ccb974c24ddfa7446278ca55fc8b236d0605d2caaf273db8390d1813fc70cd5b

        SHA512

        23ef467f6bb336d3e8c38000d30a92dac68e2662891863475ff18dbddbbbce909c12d241b86dbdea085e7d19c82cd20d80a60ffb2845f6afebedf06507afe5bc

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-timezone-l1-1-0.dll
        Filesize

        18KB

        MD5

        bdd63ea2508c27b43e6d52b10da16915

        SHA1

        2a379a1ac406f70002f200e1af4fed95b62e7cb8

        SHA256

        7d4252ab1b79c5801b58a08ce16efd3b30d8235733028e5823f3709bd0a98bcf

        SHA512

        b0393f0d2eb2173766238d2139ae7dea7a456606f7cb1b0e8bc0375a405bc25d28ef1c804802dddb5c3dbd88cfd047bfa5c93cbb475d1d6b5a9a893b51e25128

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI4842\python311.dll
        Filesize

        5.7MB

        MD5

        953fc00f36fda68583d1226ae79ba516

        SHA1

        baa1a725f215047da02517107d2e6f962064af5c

        SHA256

        bb7a2138115e4107d6745e66e89f8be77ac269ae04098545e9ad51bc2772e9d6

        SHA512

        341ca85781b3db95927234fedd6a017d22a2593c99cd0bad0487ac0380d3baac5a477d091376e3c3e903497bf01ae72f39b07da3a3348c759ac40aacb0ca3662

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_MEI4842\ucrtbase.dll
        Filesize

        959KB

        MD5

        34168a4af676d6a5733bbf7a0905d3c7

        SHA1

        ba63e51ab3cd90666eb9a9bb0232502a5ec629ff

        SHA256

        2ab2a74bcb5bfd8248d232eb3bc56698fb5173b9ff7fc0daf87d8120d0f448d7

        SHA512

        c049c166b2b00dc30b0edae5d78badfffea7fb105f0cff9f3ae2c947ddf3ecde6331855b7ebed3f4ce923cc365b053b3a679319b2c6efa85ed0b9a7ddb5676ab

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_MEI4842\api-ms-win-core-localization-l1-2-0.dll
        Filesize

        20KB

        MD5

        6b4f2ca3efceb2c21e93f92cdc150a9d

        SHA1

        2532af7a64ef4b5154752f61290dcf9ebeea290f

        SHA256

        b39a515b9e48fc6589703d45e14dcea2273a02d7fa6f2e1d17985c0228d32564

        SHA512

        63a42dd1cb95fd38ddde562108c78e39cb5d7c9406bf749339e717c2cd866f26268d49b6bd966b338de1c557a426a01a24c2480f64762fef587bc09d44ada53b

        Download Submit

      • memory/1056-1997-0x0000000002E10000-0x0000000002E11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1332-1998-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

        Filesize

        4KB

        Download