Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

v/9PbHH.dll

windows7-x64

7

v/9PbHH.dll

windows10-2004-x64

7

v/Skin.dll

windows7-x64

5

v/Skin.dll

windows10-2004-x64

5

v/VEzOD.dll

windows7-x64

7

v/VEzOD.dll

windows10-2004-x64

7

v/War3Shout.exe

windows7-x64

5

v/War3Shout.exe

windows10-2004-x64

5

v/pe.dll

windows7-x64

5

v/pe.dll

windows10-2004-x64

5

v/v.exe

windows7-x64

7

v/v.exe

windows10-2004-x64

3

启动VK.exe

windows7-x64

7

启动VK.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    99s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 09:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    启动VK.exe

  • Size

    44KB

  • MD5

    b9d83695fd09784e44213c62a5f350fc

  • SHA1

    e4d822e72d30badae5116263360c6d2ae1aaa819

  • SHA256

    e6697e51280e96d33ca7cd8bef7d8590f30e8d01420e4666c5e7a8de8bb3093a

  • SHA512

    610fa68978ae298e852e469f31c90038107a170e936c5461f35c658ff2edbe29e4fad89219e0603210ccf7dacc989722842d340495178615b30e93c70b181e8d

  • SSDEEP

    384:lBdQaH8DN3lFWqSsToP1lyU0hmtHEL0hmEoP1ly+FWqSsCdQaH8DN3:lBdLcp1gsov9vHELaovJgpdLcp

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\启动VK.exe
    "C:\Users\Admin\AppData\Local\Temp\启动VK.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3360
    • C:\Users\Admin\AppData\Local\Temp\v\294351266.exe
      C:\Users\Admin\AppData\Local\Temp\v\294351266.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\v\294351266.exe
    Filesize

    2.1MB

    MD5

    8209ea5455aa23d24a6b42c083b338d9

    SHA1

    5b6b87ebd405a0d79f8d451f43959953edeb733f

    SHA256

    efbd9c39e7aa0805f6676a14857e17cce4495a3700d3308bfa7dadcad4bcc9dd

    SHA512

    989651a417ffbbdca3932fba147ecc34082237ff263cb33a243d7f086b7b12e1f7ae287378f40639a3f42dca1fa7bae9518672bf2dca7e4f9159284a3db6a1cb

    Download Submit

  • memory/4636-8-0x0000000000400000-0x000000000060E000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4636-9-0x00000000765B0000-0x00000000767C5000-memory.dmp

    Filesize

    2.1MB

    Download

  • memory/4636-3281-0x0000000000400000-0x000000000060E000-memory.dmp

    Filesize

    2.1MB

    Download