Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

InstallerXS_0.2.0.exe

windows7-x64

4

InstallerXS_0.2.0.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/09/2024, 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    InstallerXS_0.2.0.exe

  • Size

    92.4MB

  • MD5

    37f850abf4758bd3954bb42428c91250

  • SHA1

    49ef45f6f37820fd2fd6d1dc46b16f48cd3d7e8a

  • SHA256

    7dad42175e2ab6fe78153585af3e4e5013cd83b05d753374fbd5088548602093

  • SHA512

    4a0774ef344ddeac9a5e19d5486ee58c88528d96a8d83abc735be4dc653fc607d3ccc59daf90a5a8f2cd6bfe3da970a29df451f6cfc21dff497ba4fbb5851932

  • SSDEEP

    1572864:ogPS3Eq1o536yzJghRKDykoPFToBwDJiicW3V+7q/ISWlBkwJrGp2dM8ku7DPWtJ:oIb4MGhMDy1FUCiicSVhISiy2asOtEVg

Score
4/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\InstallerXS_0.2.0.exe
    "C:\Users\Admin\AppData\Local\Temp\InstallerXS_0.2.0.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3876
    • C:\Users\Admin\AppData\Local\Temp\7zS42F1B887\XSInstaller.exe
      .\XSInstaller.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2752
      • C:\Users\Admin\AppData\Local\Temp\is-KTBJ8.tmp\XSInstaller.tmp
        "C:\Users\Admin\AppData\Local\Temp\is-KTBJ8.tmp\XSInstaller.tmp" /SL5="$E0046,825856,0,C:\Users\Admin\AppData\Local\Temp\7zS42F1B887\XSInstaller.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1516

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zS42F1B887\XSInstaller.exe
    Filesize

    1.6MB

    MD5

    509139cd260d3aa851b59ea49963aaec

    SHA1

    c2f46b8dc1ab16f25cd33c0980351c26b489e41b

    SHA256

    76ab42992a7170674f4ba0cb9af64ba510f7af48c5f9aad695e2b7b70a879e99

    SHA512

    3694dc543d12245b63d301a467fc4ed5777f6ad3ccb501f82e37d97270fd73a521f775eed19c5462bdee11c3d53bbbfb2c3fb8660bc368fee42640c8c400a3e0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-KTBJ8.tmp\XSInstaller.tmp
    Filesize

    2.5MB

    MD5

    65512ae3d801496a904e83d6c53fd6ee

    SHA1

    a0805ae0b63badcb794d9dc426ebde54a033358f

    SHA256

    4ee5e21cf5c9e02ab2ccd92f02444fd5832308750fc52e6486678e5485f01495

    SHA512

    d5f380a3923fb9f0efcd1ef121bd95b26d6c0f3a2d51a25fe4cfd45cea4be269b23a63a7a221dccd055f52190a8054bf11e9849aaed2e4134f01f8c5831343b4

    Download Submit

  • memory/1516-13-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1516-17-0x0000000000400000-0x0000000000692000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2752-9-0x0000000000401000-0x00000000004A9000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2752-6-0x0000000000400000-0x00000000004D7000-memory.dmp

    Filesize

    860KB

    Download

  • memory/2752-15-0x0000000000400000-0x00000000004D7000-memory.dmp

    Filesize

    860KB

    Download