Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

27fb410d5a...18.exe

windows7-x64

7

27fb410d5a...18.exe

windows10-2004-x64

7

$PLUGINSDIR/17561.vbs

windows7-x64

1

$PLUGINSDIR/17561.vbs

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDIR/SkinH.dll

windows7-x64

5

$PLUGINSDIR/SkinH.dll

windows10-2004-x64

5

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/pcpc.vbs

windows7-x64

3

$PLUGINSDIR/pcpc.vbs

windows10-2004-x64

3

$PLUGINSDIR/run.vbs

windows7-x64

3

$PLUGINSDIR/run.vbs

windows10-2004-x64

7

$PLUGINSDI...��.exe

windows7-x64

3

$PLUGINSDI...��.exe

windows10-2004-x64

3

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDIR/Inetc.dll

windows7-x64

3

$PLUGINSDIR/Inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Shell/Norm...le.dll

windows7-x64

1

Shell/Norm...le.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    09/10/2024, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uninst.exe

  • Size

    376KB

  • MD5

    765f54b192c4bf31c01fa469894034d9

  • SHA1

    3d53eeaf5abab00b30402ec6947a9d2fad1207a8

  • SHA256

    5a8202c253886c6ad5a4c626b72e4cdafc9075f8b8296829d1ff3aba4e7148f1

  • SHA512

    b50d2b5b02eaad26ebeea66f1d1e4a3c71180a98619e1c80a536f3a289050d50fe884fc0023b4efc71d2cbd5fe4fea5f3fd9a03918d9e9ab6c5c67486493677f

  • SSDEEP

    3072:lQIURTXJ+2WrSfqW4C3ZtmltDcFtlEesQgC5tM:lsc6qY3lEesQgCHM

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 2 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2356
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.rmzt.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3048
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34e5e25f590f796066fdbdafbf597856

    SHA1

    37b785900400ae670f440ea9160230ddf1f3ddde

    SHA256

    18751ec66b9e62063f9b4cb318f7aa7b9656db83318a03da9522c7857584b433

    SHA512

    a28514ae660ba93e1bcb516926a8be64706cb20f18b20d407de8439f2c1b35c035d4ae7e058880be863342ca10d608e272aff2ae63070eb43aeba65a4827c111

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3dc94515e50ed5757fe5ccf293a414fe

    SHA1

    4d324c9b0aa6ca3b01175887202ee6a687a56153

    SHA256

    c28580a7fcd253d7ae3d61cb1191f16a42729a665538d91aa866a82caa4028fd

    SHA512

    548b27fba3fd42b5ec261455c21da791de34b4250d952d7dab857ed2de436238ee7a455b0f6bfc3aac4cd397074caa92d6c16c216c22ca8d79f31963e345757f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c71198179e7c5bb961308ebf79b436d7

    SHA1

    6beaa88e015a1ca4e63b1cec4d434fe007bec2dd

    SHA256

    46bd2849d2ba6f8fa6a411f7cb7eb4076eeeed3e302b0868c8408a0223b3b9e2

    SHA512

    08412be47e5678299fdb093f6572666bd4f10a24170ffd0a62cff55d3b64d493f37db3a9141d14bc0d01a1216dc109bbbed883462ea54c1b9650f925886e6e4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ef4ea53ac7979f4e5bdda84797d0ebd

    SHA1

    a8f428cc3dc51486c2a5dc5a9dc36494dc43b7df

    SHA256

    11135e8525ddd816db1f73a30e23e192c47c3152797093d03b845bef60d2e657

    SHA512

    6aa38d901b86712e2f522d02cb8a6faf7306a604f7d91e7065b9957a1f75e5a385941df5c8329a25eb808d395db042d5b0eb15425cba312fa1501f041f20e74e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    613dc5d26a759910774d41b275b35479

    SHA1

    5a674b7972a04260b5a635ca36d2aaa334796933

    SHA256

    352f2fed0cc1c83ebce126e59ced0c88b80dba25be4021f88a93f23cd5622287

    SHA512

    ce3650204847f3f236ad56bc7d36ab0f4579fff233e82d11b24f83b1773b7d5e6569c6446ac7c2668374dcdc77f06a958d8eba88fe1b2fac9b36a4fd1e7da926

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0759a08641a9a6ee77a3b9cacecab4f8

    SHA1

    acba7cf3e2aa070c6675f3c67391aa9fecf938b5

    SHA256

    a3861aecdde55c3e385c65a79d70d6f25f8488e0945c47d43ebc8115e46e7acd

    SHA512

    5257a8d5f666946d11f826554d788104874f84bbe1731a7bb19668f4f8a08ebaf58cce391a7192926ecd45310472e199fcf64c4c00d81ab164e79182fbf0eee0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5da396cc7e953d7036dfc2451fee1b58

    SHA1

    2efa2d3d90b3a02d9bf4239bd92acc01604c75f4

    SHA256

    ddef7b011a3214884e7fbfe6e11450e169596ec8d479a126668c2abdd7a35ebd

    SHA512

    20a77d17aa352a8d2d8d9fc2088fe25b44a9c73626235eb16b1b5b8123e71a021a4b7e1510cd043e17f0bbe7ccbd7739717b8c7e699811be61c740fe687a04ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e4698b58f32017769db497261bf94ed

    SHA1

    448fab0cb329492320a0e1bca982dd34bbd0aeb8

    SHA256

    c6485f1a088804cd66310ac0d92d269d05a3abeae059458901cb7caf89b008de

    SHA512

    56735205d12d683d5fe2593608c09368e533e40efd8f5794521313f5d2a7e88eaaf595f91e623d021ff4f71631d0ad65c365a9a35641e70608ae44ecd160f92d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b863c3dca2c09061982af031acc46350

    SHA1

    c756795c06da09b578d641c4aac4c9153af4111f

    SHA256

    3bcc37380918ef4e7712fb65412ccb6bc32edf931695c0311fa9b68c8f557610

    SHA512

    c6dda9c09f8c926618b56efc877b3d6b66bc58e77ce361d36a958b3a2e6593796162d02583e288df5f780fe6f29582c0ddadc7c939ca6b4d9e29c8d95e69c536

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcbe17c6dc2f0ea971497a1c5b96ae65

    SHA1

    c417967ac67db80740ff5b8f0e9b17b4e3822689

    SHA256

    c359d8fe8662568ce57f1bd2602015167415307d70e1542fad24529f55d5edb6

    SHA512

    198617109fec64c8fdaebaf623c7635a75b28717ee82b366f749dfab586d0406ddb02ce4cf4fa4b64063821197a02de6d8b0912fa037550676bd0e5d2cd0d30d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    881f458e5b7ac52ba489c45d2e14e95f

    SHA1

    3a61bdc78fd9e9e0187a221a42fa0d86d6ab7719

    SHA256

    6ef07bf0dda9e38dd477d4a9abe290cd25d1475d415bc5948ef27e12118c89ff

    SHA512

    1a5f7d650b62e194b241b315a2236ee5ab856662f849b823e1b59cca6099f5655bc88a977bd26d321817d55439165963d3f2147b2bbae5606801be60f595895e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d18461236ffed61dffa658cb74d792df

    SHA1

    928a7189cc0f09438e14ae92bf017a5c71ca3041

    SHA256

    3285b77fcdd1da93a4020999d86f43c9950bf499e8d8938dce163a25a27ffd32

    SHA512

    50aed1fb3ef6b83debffd7845d2661bdbba6a10124b0300479eaffa6d20504abb816e654d2ef9879907195665cde9dc4f9888cef0b884e494728796d3934b676

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    654885c9403f14c7d8266edf4ff5bbd2

    SHA1

    b9f811d480e537ea5d899d5fd495e6139529af95

    SHA256

    fd593333515c0bdd4c832c9fd31403b6148dc8357a491cca1bcbb8ad5bb3c493

    SHA512

    55f3bd007724349de917dfc68dc33601bd12fb6c849152522e4bfd520643d0a9453a4cf1defa06f90ab1df5ccb8363518f31f7039caba56e5669d877d73420fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    04176934b4775568500c8b99fbf96758

    SHA1

    9c4017d6dfcb1f26143ce06b6651df9910e5e2d1

    SHA256

    579de807b6ef95f334c7ece87d5cf22165b7f605ff59aa3ce4f4f728543af1c2

    SHA512

    3c6f18991881f271dffd20bf50957d301662e0a4e7940981e06cc26c36de999b7b754be67e83fb0f08cd018d043348ec104e85b4dff77bdb8a0d6f0127f6d0e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2000810d9a8b8e4f6f0fb6a41cd01bda

    SHA1

    024bf925ba067716aad2171495d00d4c9716f3ec

    SHA256

    b3ff31556557c273b25f2b7b67b2029e72578bf7cf21848284deaf627a28d090

    SHA512

    908733b41bf7935562887c06b62703a5f27b9ef29a0925d209a6ae850c03d79ab2d3e42329316a2c2aa0f614372120d168341ada76799dd544452da6a7476d5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dfdd5d00a058851e786077ee6e25d827

    SHA1

    ebad79a07e01e4849f86ac2e7ab6163b13570db0

    SHA256

    090894a97a5968328756b911e104a105c28a2ba0725b490fe1b11c23b37eab12

    SHA512

    f133aa436fc9865f5992800119be0798da76e814d82f73748b0a58631e2e1d8b7c8f89c86c310dbaf594c23b4e5eadb1954dbaa917e87d329e60b0a4424ffff1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    71e2d76bccf9fc2c234c965116d3edc3

    SHA1

    cbb7e96d51ffa07baffc9ae400fbeb6d1a2d9d4d

    SHA256

    dc8eb3d3264591d8a99069b11a00538af7b4a300359ef43bd09ed8bd97d31db5

    SHA512

    236d44482f4f0d81c091cee55acef226f5c830a9249a4a94531a73a2dfde07115df9278e45ae1a1f00e9ee80ca6ec77a938fe1f9452a971c3467282413aecd4f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab48F4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4994.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    376KB

    MD5

    765f54b192c4bf31c01fa469894034d9

    SHA1

    3d53eeaf5abab00b30402ec6947a9d2fad1207a8

    SHA256

    5a8202c253886c6ad5a4c626b72e4cdafc9075f8b8296829d1ff3aba4e7148f1

    SHA512

    b50d2b5b02eaad26ebeea66f1d1e4a3c71180a98619e1c80a536f3a289050d50fe884fc0023b4efc71d2cbd5fe4fea5f3fd9a03918d9e9ab6c5c67486493677f

    Download Submit