Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

JaffaCakes...4f.exe

windows7-x64

10

JaffaCakes...4f.exe

windows10-2004-x64

10

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

AKV.exe

windows7-x64

3

AKV.exe

windows10-2004-x64

8

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

8

HTV.exe

windows7-x64

6

HTV.exe

windows10-2004-x64

8

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

8

HTV.dll

windows7-x64

3

HTV.dll

windows10-2004-x64

8

HTV.chm

windows7-x64

1

HTV.chm

windows10-2004-x64

8

HTV.exe

windows7-x64

6

HTV.exe

windows10-2004-x64

8

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

8

qs.html

windows7-x64

3

qs.html

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    08/02/2025, 19:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Uninstall.exe

  • Size

    44KB

  • MD5

    83cac9da65204dca68d957c5731a7059

  • SHA1

    0291f20c8144494e9eb06b818bed447afee91f09

  • SHA256

    9704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f

  • SHA512

    4be4fc5cfd21ba4affff87ca1698ba63a62a2d899538ba6034e71a2451d63f545b4e29f8fd5875e0339f97eca360b46fac85d7ca26c7e37a8ea4b3ca65457673

  • SSDEEP

    768:2QSYaefDRwYxmDTR9RAdJF4cZqF86eWkJ6ls5PyXbNOEF5M8awPPw:jjae1wYxmBBoskJt5REF5M8awPPw

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • NSIS installer 1 IoCs
    installer
  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1128
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ardamax.com/keylogger/uninstall.html
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2960
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2960 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    90db20d35c201d02929edb44340c0bba

    SHA1

    cea54cdf471f87bd87b71e89568ce69ea6605ff3

    SHA256

    4aac0e8c034fee760c46cc9025cfd4f76ecb87978847ada7beea8ee213a91ada

    SHA512

    678f9ca71f654da869f3a0590c6d1c4639da9ec65ab346990ac78e1e361e2a45f0dd79a9f92f856de256e3cb12ee03cc581e874d712398747cc52dcf24eb41d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    939a72ec6494528352b1b61302fed312

    SHA1

    40c96d8aca08ca4e0c52c90bac5bbc7176d2bd22

    SHA256

    8ccc9c20805c71ad1e2104c1b7b7ebf8f51594e49f152063259392731a78e9b6

    SHA512

    bbea2bca3d08bae63d96aefdf8739b6f98389b46a2ac9331f0c47e268842055270b00af876d2a0d61b5566a8b9fd5d2e178853b015228310c512102abc940327

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f941caafdeee9b1f8e39b813d36458b

    SHA1

    9ad9a6b589d0a2d3f5d56c873d4cfae8fd20cd5c

    SHA256

    41cc292a0fff68340de2563e0010e059fd446084c0a6e8858165f8687bb7729b

    SHA512

    91d6893b31f20748e703b17fb80deaaa7033fd0812baa813514bb370d08c1caea1f5985a15b2d0a2a0676b761e3d0fb1fe529dceb261c5529b879dd6d2166624

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc218719021e41d4fc2fc3d1cd83567c

    SHA1

    8fc29976736089612009a49cc7eb6691307a9d06

    SHA256

    fe2a8ccaa4bd016de270bcd12d11dbc563a618858ad8b2b14e97e5223abb8b13

    SHA512

    21da1259a7845efe6ec1003def646bf62d9d3225abee25200014c664ff47cb80087e95ab3c4a0fd5a3a02224a6f4fdf6488a596d66c803f565d65002f982b2af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c7c0d13b7b5a923a97d7c92e0ccff6e

    SHA1

    305f5a6e890a534302aed77db477c52a1462cd8a

    SHA256

    b896ee647b93394810961121ec838b24b05e943022ae9c0f0d0390e5d12786fc

    SHA512

    8b3e7db1645426541cfec364f3af4f6e60cafb5cfe5a7ac7dc96831168df5bb26993863256792ee9d8d98bb939d2d225c33f20e361c10023345c89698dc3f192

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d0c380fb36bdb8afca3184d77bd2fc2

    SHA1

    5548c82c1cd2b50e77270f5d40452d987f4b2e9c

    SHA256

    4cb07b114a8effe416cf91da4d45fb24ee48d1ed7e7ddb9cba7242f82ef658f6

    SHA512

    d66e7880d63178344375f1f3965a9d311eaf1ca7ade40097ec0fb323bc05479cbf16a46d166ba8e61d67445696452c266339298ade48abe77d5c55084ad51081

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    19e3ffd4084d3df15417c677fc971c59

    SHA1

    13c62be34b3f66c36e5b32bb8a8138b9f2177597

    SHA256

    b1f93bf39ebb3cd0a218662243691d7a16c1f6da4d50b81a5959ec77ba354b57

    SHA512

    1155a9ded199d57416e287dc722374a29513679d04eeeb2a16d1e656bb5e7b530c6427f8654383c56abf6eb699b9f7347f01cf98a1d5b5051a45fdc3eab8dc38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bca1f75127cdd3a065f998d779930d72

    SHA1

    ca08c572ccc73676257b5bcea28202bce5eb3f58

    SHA256

    5edb644f29c7cd96fca0936bbb63cb267b2f22e6061a5761b4b453ae90747dc5

    SHA512

    bd539a7b91bf27f99019f6ab17f3077d2eeb2804eac9e9ae16e0d12e2e7971fc7a303b291da3ff70c0c975ce6a037ca67ed4c3dd4d565571b4df8005bdf03683

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28b7770c887997e33f2b38f3a7df6f85

    SHA1

    ec2c2f153d2cce26331702190d462683cbecfadf

    SHA256

    da589f99b26589a163f2b365de75a353b4c2373b7f79f30aeddcf1ffcbaf7219

    SHA512

    025632a379277cf85501ed6277a59a0da605c0201bef24ec106474e45c485c24d6fd955ba1a04d0edecfdc2ac398c04ae1ee819759c0c32d8561f72bf30baeb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41d499e6602e39afec326eb60f0c2561

    SHA1

    d44a5a4ac9c899854b5915f83c6e79868495b208

    SHA256

    b36e8a70f90afcd44390518afac95a5d797f294988fdc5451a7fa77fa31c0568

    SHA512

    7a4f00fcd33cc7146454f115aef13865c3457f383fafd59631b596f1188f4ce3d4e424580beff04ff9f20dbd6e0b84f15f9fb89782fc1417d01626a74bdc150e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32a8cf99ba384ae6dc4883a70ab7d0a9

    SHA1

    059310c1c311da32056463856048c5e1a1ddd816

    SHA256

    db334f1ad4abf4bd6cf5ffb61c5003b9f04cff319c8089260a5456534da82f29

    SHA512

    b3e0287d38f5fe8bbb8f539f4ab2582e9cee38be90ce179125be0ccf3c9d69fa99a109ef2b637fed00b3e1657928e72cf2914d125d930a0578a4e7bf19817989

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f98dec5d3b91b703132ad8e46bb01ce

    SHA1

    e1c03688704e6e45997c3b1152598bb48c045b5f

    SHA256

    b046dc03c758bccea90d0d6576355ddbf066ffa4cdc759cc707397a0de74294f

    SHA512

    aef4566379fdd6ce485882ad511f06fc92f64e588497c3127a5cf9054b89f2c7b9cc693188b2e3a4c00db8c36b648c4862e6402c64c3521c401431d91e434904

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2c98001aaadbdf8ca733e089f361ce4a

    SHA1

    6e3d91ef3784deb9992701073a38e7dcc23312fa

    SHA256

    ebc202573b7ddc60ae2717fb40a1b94c536e2c6523cfcd7950b8fd6716f2a495

    SHA512

    c40b9c23df7b0dcc702adfde7df7fa8ddda5ecbe399325a021177a3e5b5a158225372d8afa7c13905185b6db140c76d1bd95a09baf3e12ee2875c43f139c94c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    540da4ba70d4d886c939d81dc806e960

    SHA1

    3280f439f2907f34666753a34ed28ba33cf95f7a

    SHA256

    226f3c0e4add7fc6cffee579875af3e9d67eae2fcd756eb2846a99c5769642bf

    SHA512

    4fc4f841468bde89e5fff20dbf5a057169955c8fc92857c29bc5a3dd2238fd0d1068cb4404ba900b2ee1393e6be941527ca16e4a751aae31a8c3b85e50b7de5e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cab5cd04b63f7c8e8e3493340678c2ec

    SHA1

    a57428d33c139455ff34429e2a3e9faa008af68b

    SHA256

    a90cb4780f9ff0fc80e3e843d2504ea3a6969570592d8029528b8192ffcf4717

    SHA512

    0d5ec35d2f9dea1eaf002563f12b3cdc7e0b4c2742a56dd2d5f866d6ad089a6f45f4673f706a468bd2bf61ca75d9c2022625da13d14a120bfc9d9b2aa05ee0f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c548a77e5c9b665eb9d2e8a497c0ea7

    SHA1

    9234c1f19ff68ac6393f050594839f4e676f2f2e

    SHA256

    9df7422d499f1199a65a328b75932f524ec0ab6f2bbed6e450f5873243056f7e

    SHA512

    54cdc5478cbec3e7931b00cff774d970e66ecb23086493fe2138aadba5bf68854a0425e50abb3274d610687e93640f3f263fce535adc31e0380af990a82cab46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    c62a263b2060965303b1fd3b95d2e24c

    SHA1

    6441541bb7cf53cc33bc836388e13c3383b0ac48

    SHA256

    a0d4e4100a257003d1cd2bc421c79284fd7bc6954e295e864e4907832c546ee9

    SHA512

    950d880e3702ef97073156dc88a3bc927eae110bcc349473e68a75993763315a84fdadd9e1c4a4edbee75eb89420f8d77745d98ead0696cba0706af609afa77a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\B3JZPE8K\ww12.ardamax[1].xml
    Filesize

    13B

    MD5

    c1ddea3ef6bbef3e7060a1a9ad89e4c5

    SHA1

    35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

    SHA256

    b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

    SHA512

    6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFCD8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFD09.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
    Filesize

    44KB

    MD5

    83cac9da65204dca68d957c5731a7059

    SHA1

    0291f20c8144494e9eb06b818bed447afee91f09

    SHA256

    9704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f

    SHA512

    4be4fc5cfd21ba4affff87ca1698ba63a62a2d899538ba6034e71a2451d63f545b4e29f8fd5875e0339f97eca360b46fac85d7ca26c7e37a8ea4b3ca65457673

    Download Submit