Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

a7ecd5816f...e3.dll

windows7-x64

10

a7ecd5816f...e3.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    131s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2022, 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7ecd5816f5da87f214918e9c389ca55e4259fad0b6c978c5ef0b70c95f0f0e3.dll

  • Size

    212KB

  • MD5

    40f196f57b767669ccd72bb230bf7c30

  • SHA1

    15551a0fc08f834a8bcbe090ecf2aa5f25e0e1b5

  • SHA256

    a7ecd5816f5da87f214918e9c389ca55e4259fad0b6c978c5ef0b70c95f0f0e3

  • SHA512

    eb39cc463d71f1735ff2482141d69e2553d1ed4f3498a34cf5e870fa0ed12095c05a71bfc03cc10c865ed02d8193155d3c8aa9915213a267ae7d206be1f25db1

  • SSDEEP

    3072:En4cV8gf2u41Z5tKlwfSrohytZZ4fGEbCP:24y8gOl2iSrowtZZmK

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 19 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7ecd5816f5da87f214918e9c389ca55e4259fad0b6c978c5ef0b70c95f0f0e3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7ecd5816f5da87f214918e9c389ca55e4259fad0b6c978c5ef0b70c95f0f0e3.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2124
      • C:\Windows\SysWOW64\rundll32mgr.exe
        C:\Windows\SysWOW64\rundll32mgr.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:2720
        • C:\Program Files (x86)\Microsoft\WaterMark.exe
          "C:\Program Files (x86)\Microsoft\WaterMark.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5044
          • C:\Windows\SysWOW64\svchost.exe
            C:\Windows\system32\svchost.exe
            5⤵
              PID:4252
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 208
                6⤵
                • Program crash
                PID:4132
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              5⤵
              • Modifies Internet Explorer settings
              PID:4144
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:3064
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:17410 /prefetch:2
                6⤵
                • Modifies Internet Explorer settings
                • Suspicious use of SetWindowsHookEx
                PID:4800
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4252 -ip 4252
      1⤵
        PID:4952

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        121KB

        MD5

        4b1a46af16065ad354950f16a337133e

        SHA1

        68678358e7414fdffd57d4ed072d2bb79e7687ec

        SHA256

        d61b810f35e920beaf7b74180a0be0f92e0741746f7b99c247c37a577b8d6f7e

        SHA512

        2edd70fd2eb835f9fafb88e0b7ca84a03dfb6b54c017fac26817b769535e5e55073e26f9964f7847f091f0bc24959836f1dbe586896ac34b3c543870fb0bc88e

        Download Submit

      • C:\Program Files (x86)\Microsoft\WaterMark.exe
        Filesize

        121KB

        MD5

        4b1a46af16065ad354950f16a337133e

        SHA1

        68678358e7414fdffd57d4ed072d2bb79e7687ec

        SHA256

        d61b810f35e920beaf7b74180a0be0f92e0741746f7b99c247c37a577b8d6f7e

        SHA512

        2edd70fd2eb835f9fafb88e0b7ca84a03dfb6b54c017fac26817b769535e5e55073e26f9964f7847f091f0bc24959836f1dbe586896ac34b3c543870fb0bc88e

        Download Submit

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        121KB

        MD5

        4b1a46af16065ad354950f16a337133e

        SHA1

        68678358e7414fdffd57d4ed072d2bb79e7687ec

        SHA256

        d61b810f35e920beaf7b74180a0be0f92e0741746f7b99c247c37a577b8d6f7e

        SHA512

        2edd70fd2eb835f9fafb88e0b7ca84a03dfb6b54c017fac26817b769535e5e55073e26f9964f7847f091f0bc24959836f1dbe586896ac34b3c543870fb0bc88e

        Download Submit

      • C:\Windows\SysWOW64\rundll32mgr.exe
        Filesize

        121KB

        MD5

        4b1a46af16065ad354950f16a337133e

        SHA1

        68678358e7414fdffd57d4ed072d2bb79e7687ec

        SHA256

        d61b810f35e920beaf7b74180a0be0f92e0741746f7b99c247c37a577b8d6f7e

        SHA512

        2edd70fd2eb835f9fafb88e0b7ca84a03dfb6b54c017fac26817b769535e5e55073e26f9964f7847f091f0bc24959836f1dbe586896ac34b3c543870fb0bc88e

        Download Submit

      • memory/2720-138-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/2720-140-0x0000000000530000-0x0000000000557000-memory.dmp

        Filesize

        156KB

        Download

      • memory/5044-143-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/5044-144-0x0000000000640000-0x0000000000667000-memory.dmp

        Filesize

        156KB

        Download

      • memory/5044-145-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download

      • memory/5044-146-0x0000000000400000-0x0000000000427000-memory.dmp

        Filesize

        156KB

        Download