Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

d55727a505...18.exe

windows7-x64

7

d55727a505...18.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

DTDJ_1.exe

windows7-x64

3

DTDJ_1.exe

windows10-2004-x64

3

bj2.exe

windows7-x64

3

bj2.exe

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    09/09/2024, 00:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe

  • Size

    53KB

  • MD5

    a05d75c66dda773e8144437ed6de7dd8

  • SHA1

    89da1bafee9df87f0dd621a8ab6635c1f70fc081

  • SHA256

    f84234ede986c6fda5fe5764df75e582fa5705ec051ccbeb02fdf295696482ac

  • SHA512

    55cbcb892e4340391d3d846be993421586f654746cfa117261c5b7904de008ddfc8d11ebf633a635295575e5e011e38e3f6bf21471c7623b5ca155e73f00abd7

  • SSDEEP

    1536:gRhoEXBpnbfRpQmJB+1oDDwECy3lvUyS1N:gjJ7nbppQmJBooXwEx1vE1N

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2300
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.552200.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:776
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:776 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bbf79f6c34b1eaf7baf2435a5033869f

    SHA1

    c915b91d1898732283f0039bd4940200cfab43f4

    SHA256

    a995595cc4b45439773b2ee592bd00200eba50ed05626619d1ca8261cba154b1

    SHA512

    24699554d1f29810239550b52453e55bcf4991b285170d0913d27aa4bb4c3942c8b35747e039e6637413c84e7b7eae80223859127aaf263c81d9d532598389b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    36e8b0482e4029135505c1a620d07962

    SHA1

    35a900eab8cbe729ef07b2c686b45ce07ba6f1d8

    SHA256

    093c7fd6abb98e650714517ceba6543b6586a0cc039b0d091b16f8716b762d5e

    SHA512

    cb37ec97fee043118a0a8be5b330417c71a09ac83f84ec04ed7d883a251b5d9e944b5e19a3d943c248385884fbd39757fdb985a9c023c9e51f2dfdaa13455a15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff383348d57474de368f595cdab9f602

    SHA1

    78a9980dbdb4803e75bd67ab019d7fcca13f1b78

    SHA256

    a288876877aee4bacd4b18e8e67ae5ac0c16baa803ecc3dd4a55dab8a5ab1198

    SHA512

    229da44c1600d3bcabee78e76cc4f4de155491834867eb0231db6580b91e56c900c3d9f2da19628a9d945097a9ec5d7572d597b37e6f9650ba1da04c28caaba4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8549a51c08f4dd3d45ff30c804d5d05d

    SHA1

    a65c7e2ccf3c2aa16006ec2cbcea45e7a5653b39

    SHA256

    eb0b117482e294a7c03d5d5839ab5e0f044625b891b08f575fd644d3d15b89d5

    SHA512

    48bfb54d9a97884984a83d09a5189a1dcb80f966b8cfa2204f37820c51b0efb56a270af0f56c3e56df807e677fabbf9cf993e6177f62ebfef06948f04ac1a86d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    456a52ce17360348020131a262d6c135

    SHA1

    e822091d800ed0e4a7e446d0f5b6c9c363b135be

    SHA256

    12044139af99fc6effb3a0de3b100fa062eb574c04035398eac6743cfca04390

    SHA512

    ad334412f361476a352ba91b455876e056d485e5778f9c13acc34c1dfd405a90cfb09bf91f29c438a80bb897fe038996380e4525d6f072bcde187d29419b12bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bfc49ceb2bbfddb8416abd449dcdb73

    SHA1

    13ef601b643f58d0e136e8f6265d0adb7ab81f69

    SHA256

    2298bd5b6937b6364d2ad8538c7de9f6ea1b2586e71fbe1f4091f9bbd2a233d6

    SHA512

    f65f5ec498a271b31de7fd7857d57c161eb722075b1d7e6ebe61a4f55e900584ec1f62169aed2e125e4131ab57b99afc2af830803a1bc972520bd3542f5f276e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea5487361d5ae9778582021c08640918

    SHA1

    f47925f239a81a923eb2445c6d8a8ff53b99b0d1

    SHA256

    63ba2f6755a80c15da78e67814bdc92d2495b41d9926f29e5efaa60bc9cd2cb9

    SHA512

    c2163122b5d2c19db21921f4b5144e5f8267a98f32adede94444b23e2c50f9cc5014379a6f1ea59742aec4c7b6bf38be83b70a068e40d63be7fbcd97e77af08e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec2c0f3efb680b811b9bd2fa75b773e4

    SHA1

    c9b10d612d1bf301af7826d6e7e0afca44df6d79

    SHA256

    94f4c7a34b31b632aff4b76fc04c32a82098cdf39ed7ab3ec3e260c46116b124

    SHA512

    c5cf0267ea4f028acd1551f41873adc4a600282a4ee56936f29a60c759c790443d91e253c2e35f4b00e09ceaadd35beb78ed3e83e3efb015595946d5725dc57e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8de74de9d940ceee25fcd7077a298f9

    SHA1

    91ddf04d29977be5230bf4c628019111063a2cf2

    SHA256

    e056e4167ee0ee09ec9e6db1b3beb246f1e0616e1cf7be91428bb2ba1426a692

    SHA512

    c2d81a550dd2ef8520528d89da1189ce8b63f62f711170d30985d2c8db8ce1e5deec0b8f5f444e485b6ae884e6cf1552f3cd2767450edf16104202ebe123cff4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f80d45336207f4b60b423900e1bd5a5

    SHA1

    bcd5af89c501b4d7482ebc03b8bfe81caa7524e2

    SHA256

    60b12fdbd13f6bb7df26399fc40ce1255812ea4c33f1e60be2a819c2dde53660

    SHA512

    9e8b8f1f696389702620888925d78a11be3798942dfc71d77f293a3a0aec31a6de01d55c707f90fe44d05f393298b08ba149eb53115fbca049caf14b543ef31b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ea7dc181f17bb556e43f8bc1445252b3

    SHA1

    43e0e605507f92f6a7eedd6180277fb13ad6dbda

    SHA256

    f30153f21cc3a2193a5fca4491655dd6da90094234d081227b1f9b4cfc0b362b

    SHA512

    dc4ccf1a1a19b9103847cc9e75568041aa902e5509af0df654e07bd066105448ff75e8bf1d35f6838f5157ddf8cee4dc28e6a415a7b4170da86f7917d00ac031

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfcbaddc3f74db20a61fdbc467461185

    SHA1

    fcb1f326f6953815a119422c6939279547f32c67

    SHA256

    fcb73cd0879e18021aaf7b26e9763b488976a232dcfc90036d39c1d25b53ec11

    SHA512

    3759d9b28443fbf962eef95760573bbe3408e5d5f2830d25ece809de27db83622efccaa9735eda359bed2fac40d85caca069a483c20125b3cc55f2d6a576e944

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c7ee0a6cbf4600be0d01c26b41c543f

    SHA1

    c1b304fb6733d67f7438b5f04c36db4d6fd91feb

    SHA256

    c531b4ca60a3617ac62c9afe0f6e0f7da5dce0ac03be99f6ec5f6f84fa9874de

    SHA512

    b7c5e3fb65899b8605e6b6b75eaebeec847b5e84f295b21e337830a6099831583cf5b1156191afece23479606fe1f650ef13b224d90670951ea9dcda41a0e073

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8445c2d595d639dd8fe2acf9ae3de8aa

    SHA1

    5e959a1a8b28938324e6a0590bcc27d0b02f5b05

    SHA256

    74ea61639f90c17bde40322e28729d92c35b9219a27711d6aa75c0b204d80710

    SHA512

    266efff78bd27e64bbf9ddd27d299e61d4b396006ac93bf61413ef474fae7eec0acf3ffc7c7a723faeab56bd425a9549565fab717685ac468a734a1ac27c440f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a61ba5715388dfa967f35a180f06fb58

    SHA1

    9a266ac070003347caddc13698142ea3621f8dae

    SHA256

    3e15c169e4fcdd3ea6d2b74bea79f0296a04a2ea4ca3ebe2380080f2dd600b7b

    SHA512

    7f07878d4dbc5ead7d9153b480af3f0efdc6be9765a641c13dbbd2d0907f4ab968c93d2068d9ec456147994c006b2a154f7377b729e8aa61e062cc51122af0e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6d46cb7407fc8a4ec2b8c5f6cec029fc

    SHA1

    d720c3e8c413a21c5c3c2532353481540c207e65

    SHA256

    21233dc671aa44a80bd88ef479775d4886da2d9260e15b5c34bda1d90469ef65

    SHA512

    e9abcf1d2f026c7ffce8a1aad9f3a1e1e0be926070f27d3e5dd7ceb757f52befc29fe9d697505feea175d4edcf920d5c61696051f69be2ec56c0f52c178d40d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b78e20fa955c9121c3a6356c7b0093b

    SHA1

    bb1321d035219b5c2fd7210299cbce2690f8bfec

    SHA256

    8d9a901784fd45ec6290be4808bb7db662cbc13a6dd2ef82e6ab427500234dab

    SHA512

    eba4ff4a52f8d88594d21dbf2acdd92ee99b7e50b316f3dfb47563f002428f85abc736122334db584120d71a199e103c23134aeda4f63ceb3f282965b0081440

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    05d956d00af4020bcb198441ef0917d0

    SHA1

    5913a651b045f6bd609c682fe963f90be0e00aef

    SHA256

    c86893c426af05ab805ca5c932a51a1e436a82dd37526ae9b72ec101615541c1

    SHA512

    ddc18fb0fa8553e612fd1e4b0fae743ff7be1490d2114edfc3d70ae7d6123f5aaec03d8fe8a249dee4de29b2e2eb3d3e7cec6a13cc20773d97471c7b9747b8cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    91248144c441b1257a20050c1362bd2c

    SHA1

    1434b43d35b4fe542ed563a75c4e670bdae9f6c7

    SHA256

    37c1f7828ae70e0a16c32d91e804912580b0ef9f3dbdb6902a90310fff8eaaa9

    SHA512

    bdb04af78ed2535dc6aa7f028a9f029751f1187a28d24e5bb5f1c1b81a1dec2df834df07239d0846e4f153cd589e3ebe71b0fe95f044af523dde21303ef4c5a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD5D9.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD762.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    53KB

    MD5

    a05d75c66dda773e8144437ed6de7dd8

    SHA1

    89da1bafee9df87f0dd621a8ab6635c1f70fc081

    SHA256

    f84234ede986c6fda5fe5764df75e582fa5705ec051ccbeb02fdf295696482ac

    SHA512

    55cbcb892e4340391d3d846be993421586f654746cfa117261c5b7904de008ddfc8d11ebf633a635295575e5e011e38e3f6bf21471c7623b5ca155e73f00abd7

    Download Submit