Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

Setup NANI v2.0.0.exe

windows10-1703-x64

7

Setup NANI v2.0.0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    34s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/09/2024, 19:15 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup NANI v2.0.0.exe

  • Size

    8.3MB

  • MD5

    8deac3b42768ad22d58c4be22453d53f

  • SHA1

    325d1310b4efcd07f3d26f940b55c18871316ba4

  • SHA256

    0f50639167a19bffd3fbf0ada44aeb35598678937e90b11dcbbcda224877e671

  • SHA512

    c2e1d88750511b62b3d031c95994d750500238ff7d50a69c4130362cb3f2a4fc62e0e766aa64fde50ff8bea8a248fdd42395195243878b677ae40ff24c8ae174

  • SSDEEP

    196608:ozu8QRNGoWJ+UdxOqtzsUA5dE8e9KMGkf1YwsNhvFvGJLE:cDQYoMFxVe1dK9KMGkf1YzFu5E

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup NANI v2.0.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup NANI v2.0.0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Users\Admin\AppData\Local\Temp\is-460V9.tmp\Setup NANI v2.0.0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-460V9.tmp\Setup NANI v2.0.0.tmp" /SL5="$60092,8347982,121344,C:\Users\Admin\AppData\Local\Temp\Setup NANI v2.0.0.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:460

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    71.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    71.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.249.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.249.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    18.134.221.88.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    18.134.221.88.in-addr.arpa
    IN PTR
    Response
    18.134.221.88.in-addr.arpa
    IN PTR
    a88-221-134-18deploystaticakamaitechnologiescom
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    71.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    71.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    196.249.167.52.in-addr.arpa
    dns
    73 B
     147 B
     1
    1

    DNS Request

    196.249.167.52.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    18.134.221.88.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    18.134.221.88.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-0TCPG.tmp\ISSKINU.DLL
    Filesize

    357KB

    MD5

    f30afccd6fafc1cad4567ada824c9358

    SHA1

    60a65b72f208563f90fba0da6af013a36707caa9

    SHA256

    e28d16fad16bca8198c47d7dd44acfd362dd6ba1654f700add8aaf2c0732622d

    SHA512

    59b199085ed4b59ef2b385a09d0901ff2efde7b344db1e900684a425fc2df8e2010ca73d2f2bffa547040cb1dd4c8938b175c463ccc5e39a840a19f9aa301a6c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-0TCPG.tmp\R2RINNO.dll
    Filesize

    4KB

    MD5

    fe369a9470426cf1570198224f8922b0

    SHA1

    82cf9e81262feaa0648b20c90c88b53c9d1e9e01

    SHA256

    75e01c305e8e28eea25dea2b4b83c3d230ee6ec4ae4fe017bc7b52292e27b961

    SHA512

    fb31b0a0dd982f1e25f68027ae39ab2eeaeb53d570b0f60204fa058d356773c70d56fa420c12a4ee8cfaf6040be320304e16f6a8343b4b70ae231dbb3291570f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-0TCPG.tmp\SKIN.CJSTYLES
    Filesize

    813KB

    MD5

    5f87caf3f7cf63dde8e6af53bdf31289

    SHA1

    a2c3cc3d9d831acd797155b667db59a32000d7a8

    SHA256

    4731982b02b067d3f5a5a7518279a9265a49fb0f7b3f8dc3d61b82a5359d4940

    SHA512

    4875298d82037ef1fff1ee3c58a9059d8480274326c862729fcc56664ecb49e2692c3838948c66dc8336e4050469d831cbf1fbd79b66565ab673d2a67765109d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-460V9.tmp\Setup NANI v2.0.0.tmp
    Filesize

    1.1MB

    MD5

    34acc2bdb45a9c436181426828c4cb49

    SHA1

    5adaa1ac822e6128b8d4b59a54d19901880452ae

    SHA256

    9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

    SHA512

    134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

    Download Submit

  • memory/460-60-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-56-0x00000000751E0000-0x000000007528F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/460-58-0x0000000074CE0000-0x0000000074D54000-memory.dmp

    Filesize

    464KB

    Download

  • memory/460-25-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-32-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-41-0x0000000076030000-0x0000000076113000-memory.dmp

    Filesize

    908KB

    Download

  • memory/460-40-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-42-0x0000000075290000-0x0000000075843000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/460-71-0x0000000074CE0000-0x0000000074D54000-memory.dmp

    Filesize

    464KB

    Download

  • memory/460-73-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-82-0x0000000075290000-0x0000000075843000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/460-81-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-80-0x0000000073EA0000-0x0000000073FC2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/460-79-0x0000000074CE0000-0x0000000074D54000-memory.dmp

    Filesize

    464KB

    Download

  • memory/460-78-0x0000000074D60000-0x0000000074F70000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/460-77-0x00000000751E0000-0x000000007528F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/460-76-0x0000000075290000-0x0000000075843000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/460-75-0x0000000076030000-0x0000000076113000-memory.dmp

    Filesize

    908KB

    Download

  • memory/460-74-0x0000000076120000-0x00000000761FC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/460-72-0x0000000073EA0000-0x0000000073FC2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/460-70-0x0000000074D60000-0x0000000074F70000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/460-69-0x00000000751E0000-0x000000007528F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/460-68-0x0000000075290000-0x0000000075843000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/460-67-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-66-0x0000000073EA0000-0x0000000073FC2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/460-65-0x0000000074CE0000-0x0000000074D54000-memory.dmp

    Filesize

    464KB

    Download

  • memory/460-64-0x00000000766B0000-0x00000000766D5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/460-63-0x0000000074D60000-0x0000000074F70000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/460-62-0x00000000751E0000-0x000000007528F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/460-61-0x0000000075290000-0x0000000075843000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/460-6-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/460-59-0x0000000073EA0000-0x0000000073FC2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/460-18-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-16-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-49-0x0000000075290000-0x0000000075843000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/460-55-0x0000000075290000-0x0000000075843000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/460-54-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-53-0x0000000073EA0000-0x0000000073FC2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/460-52-0x0000000074CE0000-0x0000000074D54000-memory.dmp

    Filesize

    464KB

    Download

  • memory/460-51-0x0000000074D60000-0x0000000074F70000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/460-50-0x00000000751E0000-0x000000007528F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/460-57-0x0000000074D60000-0x0000000074F70000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/460-48-0x0000000076030000-0x0000000076113000-memory.dmp

    Filesize

    908KB

    Download

  • memory/460-47-0x0000000076120000-0x00000000761FC000-memory.dmp

    Filesize

    880KB

    Download

  • memory/460-46-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-45-0x0000000073EA0000-0x0000000073FC2000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/460-44-0x0000000074D60000-0x0000000074F70000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/460-43-0x00000000751E0000-0x000000007528F000-memory.dmp

    Filesize

    700KB

    Download

  • memory/460-37-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-39-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-38-0x00000000766B0000-0x00000000766D5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/460-36-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-33-0x00000000759B0000-0x0000000075A2A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/460-35-0x0000000074060000-0x0000000074090000-memory.dmp

    Filesize

    192KB

    Download

  • memory/460-34-0x00000000766B0000-0x00000000766D5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/460-31-0x00000000766B0000-0x00000000766D5000-memory.dmp

    Filesize

    148KB

    Download

  • memory/460-28-0x00000000759B0000-0x0000000075A2A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/460-30-0x00000000759B0000-0x0000000075A2A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/460-29-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-27-0x0000000003310000-0x0000000003371000-memory.dmp

    Filesize

    388KB

    Download

  • memory/460-26-0x00000000759B0000-0x0000000075A2A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/460-24-0x00000000759B0000-0x0000000075A2A000-memory.dmp

    Filesize

    488KB

    Download

  • memory/460-167-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/460-315-0x0000000000400000-0x000000000052E000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/964-2-0x0000000000401000-0x0000000000412000-memory.dmp

    Filesize

    68KB

    Download

  • memory/964-0-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.