Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d202bce77d...18.exe

windows7-x64

3

d202bce77d...18.exe

windows10-2004-x64

3

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ew.dll

windows7-x64

3

$PLUGINSDI...ew.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$SMSTARTUP...��.exe

windows7-x64

3

$SMSTARTUP...��.exe

windows10-2004-x64

3

$TEMP/Kuai...te.exe

windows7-x64

7

$TEMP/Kuai...te.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$TEMP/Kuai...te.exe

windows7-x64

7

$TEMP/Kuai...te.exe

windows10-2004-x64

7

$PLUGINSDI...64.dll

windows7-x64

3

$PLUGINSDI...64.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/09/2024, 13:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/KuaiWan_Update/KuaiwanUpdate.exe

  • Size

    70KB

  • MD5

    8b2fb19cfb18197fb55b3f21d58f2edb

  • SHA1

    2af21e2d58e67075df24736789104a057692e1e8

  • SHA256

    0787371e1a258899470a7d547d26e2856444e7e9158d8c96d65613145ffb80f4

  • SHA512

    9c7c456597d67c90ca8aea5b6f4f807e386dd5dc5da34c84a1a6a64c33f11d81f32407d74ecc78315165c5c36a66b6f264f44f19abad4a7446a648bd3288696e

  • SSDEEP

    1536:IZFwlrRfoowfoMTIxpIplqu4VGPJB6phruR/DZhbDfO9alVZ/afC2:IZGlFw7fonu4sPJB098/DjxT49

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 15 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\KuaiWan_Update\KuaiwanUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\KuaiWan_Update\KuaiwanUpdate.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    PID:2172

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\nst9501.tmp\Base64.dll
    Filesize

    32KB

    MD5

    fb6ffa30b708e9413d71a2c95558d0f1

    SHA1

    a4a67a7b6c53e47f9a741e06c701e03382dc548f

    SHA256

    3ae1c3fbf851e0de9865191b00b5fc26be32eb4f2ccb81b47e1488c2805402ae

    SHA512

    b1e4e9e263add6c6d9f7309d739375725f7c4afd645caebea903f7b8963c0ac8d2728dee3edd999f8496b100ba8bd5fd7e5c3c4c17ca0bbcd24923c0cb270415

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst9501.tmp\System.dll
    Filesize

    10KB

    MD5

    4eff5fafd746f5decb93a44e3a3d570c

    SHA1

    a11aa7681b7e2df1c7f7492a127d332d1495ea8a

    SHA256

    cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

    SHA512

    cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nst9501.tmp\inetc.dll
    Filesize

    18KB

    MD5

    94a8ace2be90a687c1b1729c32c66e50

    SHA1

    94cff89cc170c00b1f849460f78cb12ab8730538

    SHA256

    1a6c160fd844dea35195371476119f91eab302d701b0f6f1c3fe87ad92cc93df

    SHA512

    ba23dfa7a29450451ac3f6ef6bf9e89352e1d17f7a2b7c7e5a87839becd6676542d2189d443322b3cad08b1bcac8851eebf9964fa37190e551f0bd717dcc5deb

    Download Submit