Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

23c707f9cc...1N.exe

windows7-x64

7

23c707f9cc...1N.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/VVSNInst.exe

windows7-x64

7

$TEMP/VVSNInst.exe

windows10-2004-x64

7

$WINDIR/Sy...ms.dll

windows7-x64

3

$WINDIR/Sy...ms.dll

windows10-2004-x64

3

$WINDIR/Sy...ax.dll

windows7-x64

3

$WINDIR/Sy...ax.dll

windows10-2004-x64

3

Arcade!.exe

windows7-x64

3

Arcade!.exe

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    25/09/2024, 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe

  • Size

    41KB

  • MD5

    3ffe03fe0a494a88b37618bc40db695f

  • SHA1

    a89eb3ea7954941fffa3e1f76b46818d06ffc902

  • SHA256

    f5c4717f5c2b20c14403633d7faa42469a33ec61131578b1998d240c85fadb76

  • SHA512

    667682dcf6bcf2b0fe842bf93d9dad81dec68ca38313bf2fc86c57c2e483ab2301d0ad2b7fb8d3c1de26d6a3bfc2cd6efe3a61d9529cec3d37b3526687ca761c

  • SSDEEP

    768:KTDou/K2XYplvXh3eRMWpn2yJtKALOxqQo+JeCcFRHtqkkJVb/gyKFm:iWbXhuGWZzJkAKqQxenkJVzgysm

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 1 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2164
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.openwares.org/unindex.php?app=Arcade Classic Arcade Pack
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2636
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2636 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76df4d0523f2cdf0cef0d5c6e01bf53d

    SHA1

    547dd15ad657c06b9ef1fc9d1bc9f851da52f10e

    SHA256

    c0610e174c76d00879b105162dc8372eb65d0b6d56fbf1796d055f50568d8827

    SHA512

    157c8b3063b1c8f6dbffe3da8d7d6a011926678be0cab343379e01bf6c079b69df4c68141f4cf9b555183f93fd980dd4065d0f30203b27f9593e1872a19630d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    00c14d0c13c752daf2c7a94dbfcd7376

    SHA1

    f246d51aa2177bd20537fac03e62fc3264fa4f8a

    SHA256

    54bcd5a4cb3801ba197bc3b342ccfb4d7c8a3aa2d0b785f082fb73010fb5d994

    SHA512

    ec45de0bd2f4d2029f2a312d9cd5a81800e6b4f2610d658d638736caa7fe1d3ae16c99ad06cd6fccea4e6bc321aadad5bd6003826feaf1417016ba07dac8a63f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    35e8ae50f50fef15a53f8964b8ab6b33

    SHA1

    0b47b23af14c7ceb6da789c48b8adad25d76ae78

    SHA256

    5545c1bd077f36f414be8b67681d3290b94f7fe802b5ae712079448b4bf00f2e

    SHA512

    233d1db5448a09b99e04cadcb56661bea1aa26c739d5911ac19c857dbcb440ed6514cde1110869139570317092a65b094971aeb6ac2c0e5139c7db2180047e7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e06961f10919f3231cd0bbeb27af1bf5

    SHA1

    6f606238c69abb9846d8586390ac574f0c7014f0

    SHA256

    4b2268c25a893bf7438e5df46dac364b28950eb2a564fe9ec02cd1e0c12f65a6

    SHA512

    051ffc7413d8b8aa81693a9a6dd0941578b696b7e5f479d357427c03cb56db89651375d6779a16f0c440480fd2ff40600c91c08d19bdaf6854dc1cb075068b35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc8e3f820f36c41406ce561663f25102

    SHA1

    35bfe5d576d94150f1f756a51f49dec5203e454d

    SHA256

    e199ba12550420504bc1a47504079c0e5ba1f01886af3be4ae55cc1e69c94a6a

    SHA512

    84d38121a616cef63ffe5cb99b192bbecf4e05413425ef1a966982dd6b556ed58e210086f5c615b4016fc27f97f1916b4b06f1c7c843f60e01019d715251f5dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    216f8d10330003b6c2677c28f8934635

    SHA1

    e77069a81286a2021a33f35fc110d7dd00357fcb

    SHA256

    ad2681735e687cc95adf2d43485d8962c4d0b96e80414810f507cc1a314c52b0

    SHA512

    b60632ec94a2a2dbe75b8cff719700423a2b7bea291175a189d0c7922ca54fb525f8d344b61db5ac50f3e51ca86b1738389354d9a82e9ed482b3eb9ec456e7e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b765606f71cfdc5254d47ea854950f8

    SHA1

    a7672871d141dd3d2c53a9f4dcd44183df633873

    SHA256

    5d8a7f82559c6fa7d94e777a2429d49c97a93324c51b672df0a3d2d205560673

    SHA512

    190b1ee09e8625f6c42b4fbe18065326a1c70d9f6d46a3eb0551f0caa480a9e0d517517f201b990f49a853c466e65fe6473931686ac55375e2c819833cb241bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cb1a8d1ad8fb726b6997824049e8b448

    SHA1

    1e5b9cc1dd5413a190b2a9fc1ebd105c88286864

    SHA256

    4d8523b36659e813781b6668cfbc2d377c208c1068cce62fd7ba251d63b1dff5

    SHA512

    a2ebeae3d14517f0a7aea9244d69856f577a04ec863e78d792dac00a09cfc7cf82cb573ea9a67d7ef65abffa21e4c13a24549eb9fb2d4fc8198368dba3ad5707

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2d58ca36793b9e564106b016e54a26d

    SHA1

    a272c226bfd6a0fa41b9af67e6935bc0fc5dda67

    SHA256

    2dfc4d948586b1cbb9d7536ab92a51b83a8bdbfbaedbe2264fd25eb251fcdd08

    SHA512

    c143258e4894819ac9a496263ad541033ca6087c6faf7853a7cbe9e2d85c960c4b0b4c6d8eac8e950b75d2b53ff914c09c7ef81ba0ed8365fdecd905382c00fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33aed906b47a840fea291904eef99605

    SHA1

    deb43895c847ed2f7584bf7e90e76aa03a34d721

    SHA256

    f69566fc47c4084c31d1eb82895f5b23571a7244a07ebcf37877303fa8c893a6

    SHA512

    ced97df6dba1c8d81f5ce03815c142eae9a87ff5ef73aa9b54a8ecc5a1ec3b8894642a286812a7cf5b03983a5001f38b6e96b83a8a5e8fb8775eb8b84cee8949

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c3eda0b2a832f5196ab48eabadbf723

    SHA1

    bd4f0bcb83bc5c609d081bc69a9f6d668b8dc53a

    SHA256

    450e21c88811dacf6d5edf460670fd59669325af4e466ec628d7885cfc44e5fd

    SHA512

    7c7179d52a13b7b667e86d3d08196608f78d7cdd8a743de19482d0e72049051d6fb88f2190774a96680615aefc47fbdb87332f2fd7774b9fc4550867014913ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    613db1839eaec8281516251fb68e3099

    SHA1

    885d17d7f3681347ca7a3df26b8e383b73525df8

    SHA256

    8903cab6d8412c489d6b4d030405114244d24ed729b7d2d16c73d8f09911d6f6

    SHA512

    4a47c80d5ea2e71f76086bd96045886a4e74a7616e18135c06e9c3c1204302630d09a5c12160c898bdb641dec320b9855ef5e9469255d2ed3ef4d0de49fe027a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    379b12588b9bbd3185629a13a45923fb

    SHA1

    8965474ac23e85c18bc9c573fd33026fd03c3082

    SHA256

    25cf4828387d6a800952265dd889e205c1c7cbfa5b17020ef914716916cd07e7

    SHA512

    34adf3ab0f05908822095c0f556048e428f1363387a2a5e724c51e6859303d1ba180d21c3552e914ac7f28403c911c04f433606f7e626f814d61a6445a82aa64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b210527ff8ca18512bd21dd9cb224b8

    SHA1

    f82713fee6b31db719645b4ff0a1421d45298744

    SHA256

    e011ca715b8741823c54e2881fa71e924f97d8cdcd6ecee62c75984d94bf8c93

    SHA512

    2ed0a686f3af534816ff7030889c1582c66a8873328b7af0ac2468143b29b887f5c5467cbdaf6dbc8420ba7a95d24482165f6735ad83d639b526abe640b5f6f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f08f99976958272d7b4d4900d0f71705

    SHA1

    bc6a6c29a2b4c8ea2668bde4895683f14c506a06

    SHA256

    d7dfdc6c077faed7267ffbac3e07062e62021d022af543448f30f5e22e5b5111

    SHA512

    cc1ede265a2b19746c263073cc61c55e5c1e5a88eefea889d75a414581cbf5f283022b8c128c9e8788a21b9ba6a2057434faa196d341d8eaa0201c5af7159dcf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    605b8b0c5fd2c4a8b9ad01c40984af2d

    SHA1

    b3d0d06cb35ecfab90a5780c7a7b98115058b9c2

    SHA256

    ff0cb9fae904d3cf4a24ab59ab2ab260afccda46597f9f8d30be9d1c33ad02ee

    SHA512

    252be5d9c5644e90fe3e68630cb57e722e8610206564474db6751188335377b063be7937356d02cda43df8db5103c2dcfa39d74d6198f8484d253ad36bd437d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    10d24c4cec76c74ef2980a351e5f49f4

    SHA1

    359728c1514b5f4d0137aa8c41b0f96dd7b019fb

    SHA256

    ad9b396a7c5f0dbc723b11dd7d8869643ef5f420cd5db0a50dbc4e3b8a4977e8

    SHA512

    08d62173e6a78129a8552a5312b851e9d355135b65443f47b64d03bf1473a19af169d714d4b6669c941aa101ae9a5abb4f8c7c43ecdce879ab6b5993b5e9ed61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f3cc1f7b95690ceb34be2f0f91e0d26b

    SHA1

    e7c19b61925cf2bcc5d3e7d01d0b1c65a4e73570

    SHA256

    404e75a680cca09fe93307d2a214c3d8c74b980e0798e1459e4eacd46bb27acf

    SHA512

    52aa8988c54b03cd1d4189b8df3a58f43740cca92b1c1c450cd42d6a427fa34cd51277a6fb4e37c06f3d3c231918ea73ba31ae414cc5ed1069cce938301237b1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1883.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1922.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    41KB

    MD5

    3ffe03fe0a494a88b37618bc40db695f

    SHA1

    a89eb3ea7954941fffa3e1f76b46818d06ffc902

    SHA256

    f5c4717f5c2b20c14403633d7faa42469a33ec61131578b1998d240c85fadb76

    SHA512

    667682dcf6bcf2b0fe842bf93d9dad81dec68ca38313bf2fc86c57c2e483ab2301d0ad2b7fb8d3c1de26d6a3bfc2cd6efe3a61d9529cec3d37b3526687ca761c

    Download Submit