Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

39c25b45fb...92.dll

windows7-x64

8

39c25b45fb...92.dll

windows10-2004-x64

9

Analysis

  • max time kernel
    69s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2022, 20:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39c25b45fb1cd7cfc3000bf0060799052000124ac10607f51d16e71e5dc35592.dll

  • Size

    216KB

  • MD5

    3bc080b863aa68efa4a7a291c75e9ba9

  • SHA1

    5c0b8b7a65e5437bdf0ce28839ac192108096f03

  • SHA256

    39c25b45fb1cd7cfc3000bf0060799052000124ac10607f51d16e71e5dc35592

  • SHA512

    28ae6ce0275037d0ea2de404be987089b4cad7ea5535565acf52596ba3740960b32cd92be568b6daf2caf1e6a7e8756c9ac8de49cef2c04fd3f9c2fe247b3c20

  • SSDEEP

    6144:sv80ayHyYc7roVdQTuYOiWB1z1GC53DItkjzfip:sv8loDQy7DzZDzy

Score
9/10

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 4 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\39c25b45fb1cd7cfc3000bf0060799052000124ac10607f51d16e71e5dc35592.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4876
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\39c25b45fb1cd7cfc3000bf0060799052000124ac10607f51d16e71e5dc35592.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4764
      • C:\Users\Admin\AppData\Local\Temp\hrl835E.tmp
        C:\Users\Admin\AppData\Local\Temp\hrl835E.tmp
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4852
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\hrl835E.tmp > nul
          4⤵
            PID:2740
    • C:\Windows\SysWOW64\bgjrgk.exe
      C:\Windows\SysWOW64\bgjrgk.exe
      1⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4760
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        2⤵
          PID:4900

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\cni8419.tmp
        Filesize

        172KB

        MD5

        685f1cbd4af30a1d0c25f252d399a666

        SHA1

        6a1b978f5e6150b88c8634146f1406ed97d2f134

        SHA256

        0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

        SHA512

        6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\cni8419.tmp
        Filesize

        172KB

        MD5

        685f1cbd4af30a1d0c25f252d399a666

        SHA1

        6a1b978f5e6150b88c8634146f1406ed97d2f134

        SHA256

        0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

        SHA512

        6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\hrl835E.tmp
        Filesize

        209KB

        MD5

        d5450d1885577b308d0c081acc8dcd0b

        SHA1

        5950c3ec40d452073e96438f60b9af67163fc87d

        SHA256

        4fd0feb1affaaf2790e36ffc86a72c9ced3077020d9037fbc62950f7b4becd2f

        SHA512

        b0014a28244a33d2daf4d03d0bfaa487607158564b8993dfbaff6b193066bc8bbba1feac1ec7054e93ffa4867c7e0d7226caa36233887a9c9e8352aeb8115046

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\hrl835E.tmp
        Filesize

        209KB

        MD5

        d5450d1885577b308d0c081acc8dcd0b

        SHA1

        5950c3ec40d452073e96438f60b9af67163fc87d

        SHA256

        4fd0feb1affaaf2790e36ffc86a72c9ced3077020d9037fbc62950f7b4becd2f

        SHA512

        b0014a28244a33d2daf4d03d0bfaa487607158564b8993dfbaff6b193066bc8bbba1feac1ec7054e93ffa4867c7e0d7226caa36233887a9c9e8352aeb8115046

        Download Submit

      • C:\Windows\SysWOW64\bgjrgk.exe
        Filesize

        209KB

        MD5

        d5450d1885577b308d0c081acc8dcd0b

        SHA1

        5950c3ec40d452073e96438f60b9af67163fc87d

        SHA256

        4fd0feb1affaaf2790e36ffc86a72c9ced3077020d9037fbc62950f7b4becd2f

        SHA512

        b0014a28244a33d2daf4d03d0bfaa487607158564b8993dfbaff6b193066bc8bbba1feac1ec7054e93ffa4867c7e0d7226caa36233887a9c9e8352aeb8115046

        Download Submit

      • C:\Windows\SysWOW64\bgjrgk.exe
        Filesize

        209KB

        MD5

        d5450d1885577b308d0c081acc8dcd0b

        SHA1

        5950c3ec40d452073e96438f60b9af67163fc87d

        SHA256

        4fd0feb1affaaf2790e36ffc86a72c9ced3077020d9037fbc62950f7b4becd2f

        SHA512

        b0014a28244a33d2daf4d03d0bfaa487607158564b8993dfbaff6b193066bc8bbba1feac1ec7054e93ffa4867c7e0d7226caa36233887a9c9e8352aeb8115046

        Download Submit

      • C:\Windows\Temp\lni8571.tmp
        Filesize

        172KB

        MD5

        685f1cbd4af30a1d0c25f252d399a666

        SHA1

        6a1b978f5e6150b88c8634146f1406ed97d2f134

        SHA256

        0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

        SHA512

        6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

        Download Submit

      • C:\Windows\Temp\lni8571.tmp
        Filesize

        172KB

        MD5

        685f1cbd4af30a1d0c25f252d399a666

        SHA1

        6a1b978f5e6150b88c8634146f1406ed97d2f134

        SHA256

        0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

        SHA512

        6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

        Download Submit

      • memory/4760-146-0x0000000000CD0000-0x0000000000D43000-memory.dmp

        Filesize

        460KB

        Download

      • memory/4760-145-0x0000000000400000-0x000000000040D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/4760-147-0x0000000000CD0000-0x0000000000D43000-memory.dmp

        Filesize

        460KB

        Download

      • memory/4852-143-0x0000000000400000-0x000000000040D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/4852-144-0x0000000002090000-0x0000000002103000-memory.dmp

        Filesize

        460KB

        Download

      • memory/4852-149-0x0000000000400000-0x000000000040D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/4852-150-0x0000000002090000-0x0000000002103000-memory.dmp

        Filesize

        460KB

        Download