Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

geode-inst...in.exe

windows11-21h2-x64

7

$PLUGINSDI...LL.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

Geode.dll

windows11-21h2-x64

1

GeodeUninstaller.exe

windows11-21h2-x64

7

$PLUGINSDI...LL.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...gs.dll

windows11-21h2-x64

3

GeodeUpdater.exe

windows11-21h2-x64

1

VC_redist.x64.exe

windows11-21h2-x64

4

XInput1_4.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    28/09/2024, 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    geode-installer-v3.7.1-win.exe

  • Size

    35.2MB

  • MD5

    4be7c788d50ce236c413a7d913aea84b

  • SHA1

    e865d29c34dce4fc7859b08be5dd9f54e7ec999e

  • SHA256

    11da00c279cb478e78cdb9be2a78571ac8365f7ffc2b5dcfff0ec88a179044c1

  • SHA512

    de68b0f4db16a07b3fd67f2206494c538d9b4b8fef62e7ea0780c748a52c2efcf23829765b5307b5340e3338451c881549a5949a56e4f824e0751ee8b74c294d

  • SSDEEP

    786432:OAJZEscyh/MwPznBon26d6YVNVs8ceDtb/2RxeiB0Awn9XIZM9/:dHpRrOnHJVfrc+b/2RxeBAw9iM9/

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\geode-installer-v3.7.1-win.exe
    "C:\Users\Admin\AppData\Local\Temp\geode-installer-v3.7.1-win.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    PID:676

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsgA21E.tmp\LangDLL.dll
    Filesize

    8KB

    MD5

    313661ec12ed5ce1fd0b3292bf02cb69

    SHA1

    fd341676cf680a9f0f690c35b43feadc0693e9a8

    SHA256

    2e08e077a0800ec39c0596f4dd91cbbfa917eeef2d75a00767917b8d1f6884ac

    SHA512

    a16f35c6019eb1431a3d03fb7d0935c272756f2a8363f541e168a55b2e20a85ee90191715c845ab0588eef8f2af6cf91ac75c5bf1a5d0c61c513339006da9ff2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsgA21E.tmp\System.dll
    Filesize

    28KB

    MD5

    81e34f1c4b04a15dbce200c52f598f67

    SHA1

    f40a922ad7a5494e2aeeaa2b961d96738e888af7

    SHA256

    b89448b9fd7be5ef215cac6d973a57c0e75e1fffa25552afe174855c9b71fdf9

    SHA512

    577f52a292075269f0e8ec4c6d243b2ed411872e009839553020929a8263174ad97943f150543e4ea6cb327d95e227f4065441a9d2106b7cabf1cb872dbcc181

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsgA21E.tmp\nsDialogs.dll
    Filesize

    14KB

    MD5

    2726673c720a296442c8ed134b41d169

    SHA1

    b8050c85017fcda78f6b82cc86ad277bb0dbd539

    SHA256

    778b2bfbf3f4e641161f40c8174442a4d3865f097e3a2a383356dbfcac8005ab

    SHA512

    95fd8cd96a4c627dfc1a89a98630ead3fe431360ab15f2324a52fdd03b2b493bdc44a4d6d0189276826725ea4e48aeb4711459a459b92a80be51e9431b70bb0b

    Download Submit

  • memory/676-19-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/676-21-0x00000000749C0000-0x00000000749CF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/676-20-0x0000000074D10000-0x0000000074D1C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/676-22-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download

  • memory/676-34-0x0000000000400000-0x000000000046E000-memory.dmp

    Filesize

    440KB

    Download