Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

b76b4b8eb9...df.dll

windows7-x64

8

b76b4b8eb9...df.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    170s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b76b4b8eb90d967e0b7299c7773850a8f2edd64d13ec924ba0966aad1e6b2ddf.dll

  • Size

    222KB

  • MD5

    bf5c56128c20c9b250e3ccf5cc14171a

  • SHA1

    29ac1a43682ea5347b8e6ef7a24427c494f77b78

  • SHA256

    b76b4b8eb90d967e0b7299c7773850a8f2edd64d13ec924ba0966aad1e6b2ddf

  • SHA512

    66d836eb065a81fdb96d73d59a64709082dd026a93bb875a9e6beee327d8ccb89d292231e860e56cf721a34b55974dfc06d63999ae582de89330671a0333bed5

  • SSDEEP

    3072:EXvXq7YTc//////GqBzPtgXDXvRTVki1ZNXy2Zq:mqsTc//////VWtVki1/CT

Score
8/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 4 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b76b4b8eb90d967e0b7299c7773850a8f2edd64d13ec924ba0966aad1e6b2ddf.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4980
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b76b4b8eb90d967e0b7299c7773850a8f2edd64d13ec924ba0966aad1e6b2ddf.dll,#1
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:4904
      • C:\Users\Admin\AppData\Local\Temp\inc2f.BBC
        inc2f.BBC
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:5108
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 520
          4⤵
          • Program crash
          PID:4344
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5108 -ip 5108
    1⤵
      PID:768

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\inc2f.BBC
      Filesize

      207KB

      MD5

      15f6df7ca649578efb4c4410678e0bb8

      SHA1

      16fd9761f19019c493cabb95a6007610f2c6e106

      SHA256

      aeca3d0a31a25d5cab8e0aaa72aa0f8d8cc7560132dc0090bcde43b31647d3b3

      SHA512

      474aa52e6abd3122735bd4fff58ff5a80cba889a6106254105b846d392fa80cc22c9c783d393c5e332f142aef273edd2a1dfbb457ba7b1e51285ba86953cd94d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\inc2f.BBC
      Filesize

      207KB

      MD5

      15f6df7ca649578efb4c4410678e0bb8

      SHA1

      16fd9761f19019c493cabb95a6007610f2c6e106

      SHA256

      aeca3d0a31a25d5cab8e0aaa72aa0f8d8cc7560132dc0090bcde43b31647d3b3

      SHA512

      474aa52e6abd3122735bd4fff58ff5a80cba889a6106254105b846d392fa80cc22c9c783d393c5e332f142aef273edd2a1dfbb457ba7b1e51285ba86953cd94d

      Download Submit