Analysis

  • max time kernel
    131s
  • max time network
    207s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 15:49 UTC

General

  • Target

    140351c5c4a997f4513c400d057caa961c301f5b696f83d41addad73f8fe7e0a.dll

  • Size

    380KB

  • MD5

    02f1936f0fa7e0a3e8b194170a903690

  • SHA1

    36a03f650492cd59c509b8959588ff7f450709bb

  • SHA256

    140351c5c4a997f4513c400d057caa961c301f5b696f83d41addad73f8fe7e0a

  • SHA512

    e884b44247b496d7efbdc35ed32e4580fa7c0df8fbc6c10d0eca1bd0817795ad47ce8b63f358db1257483499a9607d0992339963caf26cd3d5a8fa36dd0d30c4

  • SSDEEP

    6144:QcQMa2MoFPk6/3hdgle9pnv5tQ0tbB15rznMnGj4EW2Id:mMa2MKf/3hdgleFFdBmenW2

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\140351c5c4a997f4513c400d057caa961c301f5b696f83d41addad73f8fe7e0a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\140351c5c4a997f4513c400d057caa961c301f5b696f83d41addad73f8fe7e0a.dll,#1
      2⤵
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:1312
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1248
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
        PID:1464

Network

    • flag-unknown
      DNS
      12r6i05.reportingonlinemsie.com
      IEXPLORE.EXE
      Remote address:
      8.8.8.8:53
      Request
      12r6i05.reportingonlinemsie.com
      IN A
      Response
    • flag-unknown
      DNS
      12r6i05.reportingonlinemsie.com
      IEXPLORE.EXE
      Remote address:
      8.8.8.8:53
      Request
      12r6i05.reportingonlinemsie.com
      IN A
      Response
    • flag-unknown
      DNS
      12r6i0i.reportingonlinemsie.com
      IEXPLORE.EXE
      Remote address:
      8.8.8.8:53
      Request
      12r6i0i.reportingonlinemsie.com
      IN A
      Response
    • flag-unknown
      DNS
      12r6i0i.reportingonlinemsie.com
      IEXPLORE.EXE
      Remote address:
      8.8.8.8:53
      Request
      12r6i0i.reportingonlinemsie.com
      IN A
      Response
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      707 B
      7.6kB
      8
      11
    • 8.8.8.8:53
      12r6i05.reportingonlinemsie.com
      dns
      IEXPLORE.EXE
      77 B
      150 B
      1
      1

      DNS Request

      12r6i05.reportingonlinemsie.com

    • 8.8.8.8:53
      12r6i05.reportingonlinemsie.com
      dns
      IEXPLORE.EXE
      77 B
      150 B
      1
      1

      DNS Request

      12r6i05.reportingonlinemsie.com

    • 8.8.8.8:53
      12r6i0i.reportingonlinemsie.com
      dns
      IEXPLORE.EXE
      77 B
      150 B
      1
      1

      DNS Request

      12r6i0i.reportingonlinemsie.com

    • 8.8.8.8:53
      12r6i0i.reportingonlinemsie.com
      dns
      IEXPLORE.EXE
      77 B
      150 B
      1
      1

      DNS Request

      12r6i0i.reportingonlinemsie.com

MITRE ATT&CK Enterprise v6

Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4RBISLSC.txt

      Filesize

      608B

      MD5

      906e4f531eb2746eee4db2e0aeec04d5

      SHA1

      ebbedc8df85c2c1218b0a28b81aa80734a0193d4

      SHA256

      cdbc16a985bd87702e0740248f2c85401af4f3e13bffb6e1dbbea5b2e207becb

      SHA512

      1294531ce57dfb803d2f398e4254f6ffb4dd356eb04dbe04daaddcf02b70c99b926a0191bb8de330e5e31ed63c924fbd44b4fded8e00521c775ff238ff9993a9

    • memory/1312-55-0x0000000075761000-0x0000000075763000-memory.dmp

      Filesize

      8KB

    • memory/1312-56-0x00000000001D0000-0x000000000022F000-memory.dmp

      Filesize

      380KB

    • memory/1312-60-0x0000000000190000-0x00000000001C7000-memory.dmp

      Filesize

      220KB
