Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/09/2024, 22:14

General

  • Target

    TeamViewer.exe

  • Size

    6.2MB

  • MD5

    ed51d984bc14ebb3b65825155efe2bff

  • SHA1

    49f857d36b8f01fa1615c21990190099d0051034

  • SHA256

    8fe23d189b1b527a0b473a0e19e4e5a80073c23a8f4406a492081637a5ba9b0d

  • SHA512

    06749fa5965041b145ee53c202fb3eb1044eaedca2eecd9a012427c3cbf548c9daad43cf1e5d4bebe1a332786d36bf1f2058a8e8bcad3d774902df8966fac401

  • SSDEEP

    98304:MQO7fXpxi3w+LO4x56OvRByeAp4LwNqiNh1eyRTxVkjko70hPHoDaV541o+pYCst:MQODp2O4iOWtqiQAZbIIBVg+

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up the country code configured in the registry, likely a geofence check.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
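The PowerShell below is an added example for this report page; it is not code from tria.ge or from TeamViewer. It checks, on a Windows analysis VM, the artefacts behind three of the signatures above: the GeoID key Windows stores the user's country in (the "Checks computer location settings" signature), certificates added to the Root/CA stores (the "Modifies system certificate store" signature, detected by diffing against a baseline snapshot), and the on-disk sample and log file named in the process tree. It assumes it is run in the session of the user the sample ran as (the report shows C:\Users\Admin\...) and once before detonation to record the baseline; the baseline path is an assumption, and the GeoID-to-country mapping is Windows's own.

```powershell
# Added example for this report page; not code from tria.ge or TeamViewer.
# Run once BEFORE detonation (records a certificate-store baseline), then
# again AFTER, in the session of the user the sample ran as.
param([string]$Baseline = "$env:TEMP\certstore-baseline.csv")  # assumption: any writable path

# Values copied from the report's General / Processes sections.
$SampleSha256 = '8fe23d189b1b527a0b473a0e19e4e5a80073c23a8f4406a492081637a5ba9b0d'
$SamplePath   = "$env:LOCALAPPDATA\Temp\TeamViewer.exe"
$LogfilePath  = "$env:APPDATA\TeamViewer\TeamViewer7_Logfile.log"

function Get-CertSnapshot {
    # Root and intermediate CA stores for user and machine. A sample that
    # installs its own trust anchor shows up here as a new thumbprint.
    foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\CurrentUser\CA',
                       'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA') {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Store'; e = { $store } }, Thumbprint, Subject, NotAfter
    }
}

if (-not (Test-Path -Path $Baseline)) {
    Get-CertSnapshot | Export-Csv -Path $Baseline -NoTypeInformation
    Write-Output "Baseline written to $Baseline. Detonate the sample, then run this script again."
    return
}

# --- "Checks computer location settings" --------------------------------
# Windows keeps the configured country as a GeoID under this key; a
# geofenced sample reads it to decide whether to run (244 = United States).
$geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
Write-Output ("Geo\Nation (GeoID) = {0}" -f $geo.Nation)

# --- "Modifies system certificate store" --------------------------------
# Certificates present now that were not in the pre-detonation baseline.
$before = Import-Csv -Path $Baseline
$after  = Get-CertSnapshot
$added  = Compare-Object -ReferenceObject $before -DifferenceObject $after `
              -Property Store, Thumbprint -PassThru |
          Where-Object { $_.SideIndicator -eq '=>' }
if ($added) {
    Write-Output 'Certificates added since baseline:'
    $added | Format-Table Store, Thumbprint, Subject, NotAfter -AutoSize
} else {
    Write-Output 'No new certificates in the Root/CA stores.'
}

# --- Files named in the process tree ------------------------------------
# Confirm the detonated binary is the one the report describes.
if (Test-Path -Path $SamplePath) {
    $actual = (Get-FileHash -Path $SamplePath -Algorithm SHA256).Hash.ToLower()
    $verdict = if ($actual -eq $SampleSha256) { 'matches report' } else { 'DIFFERS from report' }
    Write-Output ("TeamViewer.exe SHA256 = {0} ({1})" -f $actual, $verdict)
} else {
    Write-Output "TeamViewer.exe not found at $SamplePath"
}

# Record the log the tv_w32.exe / tv_x64.exe children were told to write
# (--log ...). Its hash is run-specific, so it is recorded, not compared.
if (Test-Path -Path $LogfilePath) {
    $log = Get-Item -Path $LogfilePath
    $logHash = (Get-FileHash -Path $LogfilePath -Algorithm SHA256).Hash.ToLower()
    Write-Output ("TeamViewer7_Logfile.log: {0} bytes, SHA256 = {1}" -f $log.Length, $logHash)
} else {
    Write-Output "TeamViewer7_Logfile.log not found at $LogfilePath"
}
```

The baseline diff is the reliable way to see what a sample added to the certificate stores: the Cert: provider exposes no "added at" timestamp, so a before/after comparison on Store plus Thumbprint is what tells new entries from pre-existing ones. The log file's hash is recorded rather than compared because the report's value (in the Downloads section) belongs to that specific run.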

Processes

  • C:\Users\Admin\AppData\Local\Temp\TeamViewer.exe
    "C:\Users\Admin\AppData\Local\Temp\TeamViewer.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:1296
    • C:\Users\Admin\AppData\Local\Temp\tv_w32.exe
      "C:\Users\Admin\AppData\Local\Temp\tv_w32.exe" --action hooks --log C:\Users\Admin\AppData\Roaming\TeamViewer\TeamViewer7_Logfile.log
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2748
    • C:\Users\Admin\AppData\Local\Temp\tv_x64.exe
      "C:\Users\Admin\AppData\Local\Temp\tv_x64.exe" --action hooks --log C:\Users\Admin\AppData\Roaming\TeamViewer\TeamViewer7_Logfile.log
      2⤵
        PID:2736

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\CabAEE7.tmp

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\Roaming\TeamViewer\TeamViewer7_Logfile.log

      Filesize

      2KB

      MD5

      01259e0a510c5a445edce625d60a1e05

      SHA1

      cfbbc906069ef94fdd6ad81f4b02a7da6e2e929a

      SHA256

      df7e3b988fadc2f40936af16ab0fab8878968c4190279339839bc4a7537a679c

      SHA512

      67c966ef692441b0a7c3a3bdee3c899ce5ef79b3c62e6266434767517dfb1695075b33b655d21b2807f74542edf14a1e49bb9c7db275aa348b3ae2d1c3d5d49a

    • memory/1296-14-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB

    • memory/1296-16-0x0000000000710000-0x0000000000711000-memory.dmp

      Filesize

      4KB