Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
191s -
max time network
230s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
01/12/2022, 16:58
Static task
static1
Behavioral task
behavioral1
Sample
d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll
Resource
win7-20221111-en
windows7-x64
6 signatures
150 seconds
Behavioral task
behavioral2
Sample
d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll
Resource
win10v2004-20221111-en
windows10-2004-x64
6 signatures
150 seconds
General
-
Target
d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll
-
Size
588KB
-
MD5
02a730cf2ff599d69e9df4d842457780
-
SHA1
27acd4940ab32b4e72e6433efd3c3470141739b8
-
SHA256
d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744
-
SHA512
7caeb8f96c92aae454127ab6ce3d98b0392b21c6cc071de362cb62826451276d1083e3e11d025d0575b312998c7eabb29d38c1e536e9421d801600faa2a36548
-
SSDEEP
12288:kET3hqDhHa0aGvI+7HlqaZbdUC9dDaupHptLb1Oc8om:kE1BGvI+TM4dd9dDaKb1p
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744 = "rundll32.exe C:\\Users\\Admin\\AppData\\Local\\Temp\\d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll,#1" rundll32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1366522842" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1471678730" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{64D0A880-7367-11ED-BF5F-5EDCA19B148A} = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1366522842" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff720000001a000000f80400007f020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff1a0000001a000000a00400007f020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376877337" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000436" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff00000000000000008604000065020000 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31000436" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31000436" IEXPLORE.EXE -
Suspicious behavior: EnumeratesProcesses 26 IoCs
pid Process 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe 832 rundll32.exe -
Suspicious use of FindShellTrayWindow 6 IoCs
pid Process 3756 iexplore.exe 3756 iexplore.exe 3756 iexplore.exe 3756 iexplore.exe 3756 iexplore.exe 3756 iexplore.exe -
Suspicious use of SetWindowsHookEx 30 IoCs
pid Process 3756 iexplore.exe 3756 iexplore.exe 4552 IEXPLORE.EXE 4552 IEXPLORE.EXE 832 rundll32.exe 3756 iexplore.exe 3756 iexplore.exe 1836 IEXPLORE.EXE 1836 IEXPLORE.EXE 832 rundll32.exe 3756 iexplore.exe 3756 iexplore.exe 1820 IEXPLORE.EXE 1820 IEXPLORE.EXE 832 rundll32.exe 3756 iexplore.exe 3756 iexplore.exe 5036 IEXPLORE.EXE 5036 IEXPLORE.EXE 832 rundll32.exe 3756 iexplore.exe 3756 iexplore.exe 4552 IEXPLORE.EXE 4552 IEXPLORE.EXE 832 rundll32.exe 3756 iexplore.exe 3756 iexplore.exe 1300 IEXPLORE.EXE 1300 IEXPLORE.EXE 832 rundll32.exe -
Suspicious use of WriteProcessMemory 18 IoCs
description pid Process procid_target PID 4972 wrote to memory of 832 4972 rundll32.exe 81 PID 4972 wrote to memory of 832 4972 rundll32.exe 81 PID 4972 wrote to memory of 832 4972 rundll32.exe 81 PID 3756 wrote to memory of 4552 3756 iexplore.exe 86 PID 3756 wrote to memory of 4552 3756 iexplore.exe 86 PID 3756 wrote to memory of 4552 3756 iexplore.exe 86 PID 3756 wrote to memory of 1836 3756 iexplore.exe 87 PID 3756 wrote to memory of 1836 3756 iexplore.exe 87 PID 3756 wrote to memory of 1836 3756 iexplore.exe 87 PID 3756 wrote to memory of 1820 3756 iexplore.exe 88 PID 3756 wrote to memory of 1820 3756 iexplore.exe 88 PID 3756 wrote to memory of 1820 3756 iexplore.exe 88 PID 3756 wrote to memory of 5036 3756 iexplore.exe 91 PID 3756 wrote to memory of 5036 3756 iexplore.exe 91 PID 3756 wrote to memory of 5036 3756 iexplore.exe 91 PID 3756 wrote to memory of 1300 3756 iexplore.exe 93 PID 3756 wrote to memory of 1300 3756 iexplore.exe 93 PID 3756 wrote to memory of 1300 3756 iexplore.exe 93
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4972 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d82f9553b05c9c57e43ccfebf1dfbc5f68bdd47432da7eea8bf775a278f13744.dll,#12⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:832
-
-
C:\Program Files (x86)\Internet Explorer\ielowutil.exe"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding1⤵PID:1136
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3756 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4552
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:82948 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1836
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17414 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1820
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:82952 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5036
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3756 CREDAT:17420 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1300
-