Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

is155016.exe

windows7-x64

3

is155016.exe

windows10-2004-x64

3

setup_akl.exe

windows7-x64

10

setup_akl.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

AKV.exe

windows7-x64

3

AKV.exe

windows10-2004-x64

3

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

3

HTV.exe

windows7-x64

6

HTV.exe

windows10-2004-x64

6

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

3

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

3

HTV.chm

windows7-x64

1

HTV.chm

windows10-2004-x64

1

HTV.exe

windows7-x64

6

HTV.exe

windows10-2004-x64

6

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

qs.html

windows7-x64

3

qs.html

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2025, 12:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    43KB

  • MD5

    916ced19a86ac3006f26ea60719dd648

  • SHA1

    68278a4c3d5202fff273844d8e4b488fc1daddcd

  • SHA256

    3dc70f9fc553517666be9008ebcfab2b044ff711036d49e40144e0dd97910734

  • SHA512

    9c08cbca52a17f810f3892d66a72ff37c3af5a60ebe34f56e3937c933e265ae0e4207410f7778434cb203a76e36dc62df09a08f3b3f4338d35b44d5c5bc8bb28

  • SSDEEP

    768:dsXaaLGrI0+zMwduCWgNzkkRriqskbELjlF58e1mJDGlsCxKOeRTBAzXw3x7q:dxGGrf+wMRVrkxmJ9CxMAbcxe

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 1 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1904
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ardamax.com/keylogger/uninstall.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2888
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2888 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    690d43db76d2305410c6897a5c18aa52

    SHA1

    c2158287a28a0b2c871b79184e8dca0d4fa704bf

    SHA256

    e326830ad0d34dd2c0ca50f5acad93a798667450345f118a5fb1069e64af7937

    SHA512

    987ecc1282f25c95cc0fbf860abc99cbd8247fb51a7a8f99b6911cfe17a570c7713c1cef6738c29da523141161f0c5e63d0e431dbb5cf636232d700c64264f0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73a32f89d4886d9992ae371e7b094ef8

    SHA1

    b58b449b1ecf76c30dc4a3d55b609c6bebe4e0c8

    SHA256

    092386a2eca9ea5bd82ccc46dd7dd5e9ca38690f9e8cdbbd4f05c1fed8b1c4fa

    SHA512

    0143b7c455b7200d9eb2e46ac85a6b78527451b16417691b38a84c6b5bc40a27bbe3e8ec30989d3f6ec61571c9e2bd4dd17ace60a0a46fa905dc6b433358c26d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0a55a42a25e296baa06c89e8afb6fae1

    SHA1

    c661f1e0b85261e127110032f447315ac3244781

    SHA256

    c38e136413fd34758b5c64acb6e73a8bd4a2e6c0fa57a765448894c28b6258e4

    SHA512

    2ec70bddc526d2d9b4c7a5d3cfab9fd40be84e5f778c16c426586e9d560f5312e1d87070740f011f9a3c4e5ced42341b676793f9a81e9eec3c9c5d8ddd9c11d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33cd3f55c8f3d77a7f73f2a624f25db5

    SHA1

    e6d18734cd35787b7bc84df4aca01c03495f09af

    SHA256

    ef6b6474c6888ef0faf8e8a2fed47dad3dee1e80bdd79c6ffd04f06a78deae13

    SHA512

    1c0a397d3655edc6379b8ebb70d429445f6195ad49517a9f7b500fdf871faa07ecb9bd78ccdefeb7204468e700f7f7a1851d6b749644f8794b9b265a42ee2830

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    498258a58eed351e40b372de0dafecc8

    SHA1

    028f52972a432ef4b76912816eea9e1852ae96e8

    SHA256

    b845cd1c5d15b22054727fbe07108bad70b73e4f85b0286bdb95c596714b09d4

    SHA512

    b782d6ecb404066fa9bca9b13bdac317e59f0c482d07384d11eecff26aee1fc88557b13939571d3e0f72ec07f408d0fa7234bb7f7cac2dbab1d1d8213cd23733

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    34f86fda66ad2d3dcf05ee84b48d9ead

    SHA1

    5ca2d4e19f04a1f571cd573586ab58c5b5ba4cca

    SHA256

    253ccb71a5975e0fd3e1d372d4fc5142c54cbd6584ead7face1a337a2b939327

    SHA512

    857b3b236b9840b1400ec829c473160eabd6c36eb54bf57ec343e21d436499cfa7f0574881687d485f1411bf8ce5c19fe3f1715ba3e3cc264d87ea358be5c827

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0db4c39770b33b4fc91790a6d9a3dae6

    SHA1

    6cf0d04bd4d6abefdc4c00f5170087b971774642

    SHA256

    04110cb79e964343560a40ce08f3d36221a612b4126cd3b57f207a22b03e62dd

    SHA512

    a199fe33f86b30cf348cf5fc653fdf9915e30973f83ba4991614f48ac9900bf35132ae5d180f8e509cb3cc3fc6b9f62b2515716431bd4e2f1065f08489865a1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a16f7fc091f4cb0ef7016e9ae34baa53

    SHA1

    b9e8cd9d2e05b000bcbaefb26a4f615fd1619f66

    SHA256

    0dfb2661c3abf93f6686b9f75b5ec2bb1aa986626c1766d01a4a92a3225d2094

    SHA512

    3e9ccdff6ea5cca6850967becbb0e889d323c4770c456dad1c0cff23dbd4d50515678d1d6e7ce379cdcfbcb7dc48b18d3b0504b00085b2fe17a7ddfe32399180

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40549fbee7a2ec164586533c7ff39949

    SHA1

    262ccf5d3149ea83c2c8d8a8cb059b5254a23972

    SHA256

    f21b699a80aa0f50b81fc79e3ca8652d338151cbedb7300b7b3c6e6ae38d6a5e

    SHA512

    402efc21c67ecd31c7549ad7083b6489f83d0eede4795aee2d70c3bee8fe660b37c3abfd85746a6dc90e4df08e157bba4488d81f1f84be46854429088fd2e290

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a5eadfe5b4d9961f1e6279f813fa6476

    SHA1

    602087dfa266ee1e62247a7fc2601c1f02325d6f

    SHA256

    1fa1189caa154c25c23bb81e65688dbdd0511fa0d45105b24ac9161e6d14f94b

    SHA512

    55ae8a5b5ab9c68154b59bb5300ab774a6ce77a7d24e02c165c8bd3ddf6e85777fa92a69a5c81ca0a92f41e9e89fade2578ab2dc74cee7f0f514387d8a70c3d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    704c3663dd03cffb06c5b48b4ff7efdc

    SHA1

    ab22247080cc26b66e5a55e96000d5d9da4ecafb

    SHA256

    c9b95be18de1ee0c0116191d962d4f1788ced25a0e80a63bfafc636d9e703eb2

    SHA512

    5c13d4963b33f43d3a22ef8c1ffc3aa0ef7d8d2802b1a98c3b61f5e21d972f65ecc07db72abbda6dcd588db4d5c2c7e60c668142b9f39a44242df65ba6b2f776

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3bfeebaf3c1e1872ad1c243aa35b00aa

    SHA1

    333db90e2da5536bd9da0e73dc006fc361e4a403

    SHA256

    54e7955d2fc5e0c66826146e84ec52b9ce8fef9a182ba2c119c378633318e4f8

    SHA512

    06e22e18f87f2dfd1b472f81a30f9dcc8634c5d3b782aff81f3a47e86f67d25564787eac3233aa6b85d2c206e910753efa95dca95459355060146386f2744e46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5161ca9a2a81e53e3cacaed42b498b34

    SHA1

    423d1e935149f3c798844d97db177de39d936754

    SHA256

    b8eb5714330484910c59d5f54604fb64fca0718e8d7271dc9663c1e3bc843c40

    SHA512

    7f9d69577d80ac03fa1be5fd5e94bfdfe1650570a1bd2d33a3ce23647f387179046f99e188e0c2c0401e1a957d94033f9c5f03411d1a9d7e53b45488165f1af1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce87eff106045955d5751c7f969c05db

    SHA1

    e04e444f6c9f1e884f40e974547a685cf7a1fe46

    SHA256

    29a91e9c30e5c7c882f39a4d8f0990ba89c8534def3ea7aad11bf6ee69c2c6e8

    SHA512

    6b6c0c85e9779f4d610faa652fff97b87c948fcd000f6712f07e5a18b4a8117f203cf1044d4a91a96b19f1d9683fb76a853433545dd4b08bf1773f29c1e729dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a032bcb648659c9849b1a4455da4ab7d

    SHA1

    ebec46086718dd9a0bb4739616be6d90f0ba4836

    SHA256

    36c656378b65daf13bc31b3896349b10b8399d72886f232112a8a2034bd8c5d4

    SHA512

    605dedc0457aa5c4b841eb58418b509d375c20cdc66a3a308715a69a2dd0b46f0867629d4ee5bb04506e151f8f7abaf6182d097bf306ab1551b7c8e3aaada3d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9f5f04b80ba0301c3b6d5eab0ef508f1

    SHA1

    d741ca35718a642102e5fb34b307e727599525a1

    SHA256

    52de422f48b0f8086b65e9bd26c1a14d6f7b5fd61ddb40594a266099f74b653b

    SHA512

    99c710193dfde7db14d4da0c464496dedf24f6b999f9717be690ba1ec17502ddc12ccce5c889cea63d6a7774d6c7ba62292cacdf73bb38b311978190d948d610

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5623000b285a3f5b2acabf5b1a1dcc88

    SHA1

    1887481ae72a28921f591e391773e2550fa9ae47

    SHA256

    1643eb7d45a372a4216196db318437e59c7ca22c1d5e5e4576f93fc16fdfbf0d

    SHA512

    e032d54a88bed814a95d42be064174428d4d3b3ba7b395113e48a7e11caf874fb660f593868218021992552007ba292e805d6f4d6b100c91129f62f455995631

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40bd4c502fc9797e9641e2ccd6f20246

    SHA1

    30b44875bcbd8eeb00f64088f530c6765fcf271a

    SHA256

    cdb6ea8416ed8b6424a178dded7f9ab22b14d4de71e4a06a4c177a2eed1b1776

    SHA512

    3a48df611db8aa8c763b820dae4521fc426b391b8bd5e01267717fffd739aa40dbf7177300d5147933957dda43127bf1893c748ea0fdd25e1a5a8791ecc2caaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fc89bac5e3270223f02af7b5b4aa7d3

    SHA1

    f5a8dd4f1767398eb97a19e057effb644888bc5a

    SHA256

    2c4a7a4b079e58a69b08c195af0fbe5cc37f30a82ef1fc5071cf0b0465e7c219

    SHA512

    3fd470207a9d3b224c119ba07f8c75042c24cc8e989505200d5bb0cdbd0c308e950b1c80426da6f7e386b410661b943767ad360fa8cd0b9281e3aebe5855edda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF900.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF991.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    43KB

    MD5

    916ced19a86ac3006f26ea60719dd648

    SHA1

    68278a4c3d5202fff273844d8e4b488fc1daddcd

    SHA256

    3dc70f9fc553517666be9008ebcfab2b044ff711036d49e40144e0dd97910734

    SHA512

    9c08cbca52a17f810f3892d66a72ff37c3af5a60ebe34f56e3937c933e265ae0e4207410f7778434cb203a76e36dc62df09a08f3b3f4338d35b44d5c5bc8bb28

    Download Submit