Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
32/Activity.dll
windows7-x64
32/Activity.dll
windows10-2004-x64
32/LogViewer.exe
windows7-x64
102/LogViewer.exe
windows10-2004-x64
102/MouseHook.dll
windows7-x64
32/MouseHook.dll
windows10-2004-x64
32/RunOnce.exe
windows7-x64
32/RunOnce.exe
windows10-2004-x64
32/USBFind.dll
windows7-x64
32/USBFind.dll
windows10-2004-x64
32/iSafeProtect.dll
windows7-x64
32/iSafeProtect.dll
windows10-2004-x64
32/msadoex.dll
windows7-x64
12/msadoex.dll
windows10-2004-x64
12/pdata.exe
windows7-x64
12/pdata.exe
windows10-2004-x64
12/winsrv.exe
windows7-x64
102/winsrv.exe
windows10-2004-x64
102/zlib1d.dll
windows7-x64
32/zlib1d.dll
windows10-2004-x64
3Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20241023-en -
resource tags
arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system -
submitted
03/02/2025, 03:29
Static task
static1
Behavioral task
behavioral1
Sample
2/Activity.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2/Activity.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral3
Sample
2/LogViewer.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
2/LogViewer.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral5
Sample
2/MouseHook.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
2/MouseHook.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
2/RunOnce.exe
Resource
win7-20241023-en
Behavioral task
behavioral8
Sample
2/RunOnce.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral9
Sample
2/USBFind.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
2/USBFind.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral11
Sample
2/iSafeProtect.dll
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
2/iSafeProtect.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral13
Sample
2/msadoex.dll
Resource
win7-20241010-en
Behavioral task
behavioral14
Sample
2/msadoex.dll
Resource
win10v2004-20250129-en
Behavioral task
behavioral15
Sample
2/pdata.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
2/pdata.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral17
Sample
2/winsrv.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
2/winsrv.exe
Resource
win10v2004-20250129-en
Behavioral task
behavioral19
Sample
2/zlib1d.dll
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
2/zlib1d.dll
Resource
win10v2004-20241007-en
General
-
Target
2/RunOnce.exe
-
Size
664KB
-
MD5
e4ebd65e5f91aa42d785dc7fc72606b9
-
SHA1
48c811b1eb498f28c13f849da7fe46ef48a018fc
-
SHA256
39dda93bf2d72d7c55ad024b5c149971423af9b6481fe85e0d9ceb67eeeb8438
-
SHA512
089891ae8da4bea785db4f24a5362217a6fce2c6e6a24fbed15064320c43fa8903bcfdfe2ef567b1660a5c2c7eca40ac699778e107abf8328525a73fa9eaecfd
-
SSDEEP
6144:dudd3+t1eSUvfJzorO3/ehEtxAuzbawXg7DOhA5iL4QHBKEPOL8y0:v1eWi3/ehELXawzAIL9HBKEPOo7
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language RunOnce.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 2076 RunOnce.exe 2076 RunOnce.exe