Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

nouactelegram.vmp.dll

windows7_x64

10

nouactelegram.vmp.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    130s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    10/02/2022, 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nouactelegram.vmp.dll

  • Size

    5.5MB

  • MD5

    52703c8091a4e3ac70d95c6acbf7dd0d

  • SHA1

    671467744181cd12695db8e5ba1d79b0d83271c0

  • SHA256

    02dfd5448fecf132e9c2062dce335945d220e7fd1a0ab0885ac20d409da02bbf

  • SHA512

    ae54f063f36e13f6f04971b54dc19cb915a774dd0f35035c13ca61ce716515b9740695cae5035ff66bc5a44cf9c9d4979f21e5eab2409920cb0ec0fdb781bf90

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Signatures

  • Generic Chinese Botnet

    A botnet originating from China which is currently unnamed publicly.

    botnetchinese_generic_botnet
  • Chinese Botnet Payload 1 IoCs
    botnet
  • Blocklisted process makes network request 8 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\nouactelegram.vmp.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:944
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\nouactelegram.vmp.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1508-53-0x0000000076911000-0x0000000076913000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1508-55-0x0000000000160000-0x0000000000161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-54-0x0000000000160000-0x0000000000161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-56-0x0000000000160000-0x0000000000161000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-57-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-58-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-59-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-60-0x0000000073510000-0x0000000073DF4000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/1508-64-0x0000000077A10000-0x0000000077A11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1508-63-0x0000000073511000-0x000000007351E000-memory.dmp

    Filesize

    52KB

    Download

  • memory/1508-62-0x0000000073526000-0x0000000073871000-memory.dmp

    Filesize

    3.3MB

    Download

  • memory/1508-65-0x0000000010000000-0x0000000010017000-memory.dmp

    Filesize

    92KB

    Download