Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

db4fc048dd...18.exe

windows7-x64

3

db4fc048dd...18.exe

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ta.dll

windows7-x64

3

$PLUGINSDI...ta.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

TeamViewer.exe

windows7-x64

7

TeamViewer.exe

windows10-2004-x64

7

TeamViewer...op.exe

windows7-x64

3

TeamViewer...op.exe

windows10-2004-x64

3

TeamViewer...en.dll

windows7-x64

1

TeamViewer...en.dll

windows10-2004-x64

1

TeamViewer...ce.exe

windows7-x64

3

TeamViewer...ce.exe

windows10-2004-x64

3

TeamViewer...es.dll

windows7-x64

1

TeamViewer...es.dll

windows10-2004-x64

1

tv_w32.dll

windows7-x64

3

tv_w32.dll

windows10-2004-x64

3

tv_w32.exe

windows7-x64

3

tv_w32.exe

windows10-2004-x64

3

tv_x64.dll

windows7-x64

1

tv_x64.dll

windows10-2004-x64

1

tv_x64.exe

windows7-x64

1

tv_x64.exe

windows10-2004-x64

1

x64/TVMonitor.sys

windows7-x64

1

x64/TVMonitor.sys

windows10-2004-x64

1

Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/09/2024, 22:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/nsis7z.dll

  • Size

    176KB

  • MD5

    06ff2b95b8e123d32487b0cb73409031

  • SHA1

    8cb3f584112db4e74cea4ed02d4ce0b3a5373bfa

  • SHA256

    0dedad042a306da32784c3ce79bfac0475b827e416c17e1a1dfdb461151f4271

  • SHA512

    174e7599ba87bc45111ce340d7563771353df71988d6b9094d8bdeab4b45ec730cbd2e6bf3943ad66daa02d7f1f1eac0020b987109fabed96b2e0def8d0602c6

  • SSDEEP

    3072:rfSCQ4FYoKhEHvf4aytolZ8MMNjXtWXTkibb7zHetRYFJ8:HFYosEH3UtoX8fUtXPOm

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsis7z.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2276
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 228
        3⤵
        • Program crash
        PID:2280

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.