Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

138ddc03dc...1d.dll

windows7-x64

8

138ddc03dc...1d.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    17/12/2022, 19:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d.dll

  • Size

    2.0MB

  • MD5

    bba24aab3e1746f6de73404a1377d8ec

  • SHA1

    d4afbf943b3ede26d2a862d6f71fcde7eb5fc7a9

  • SHA256

    138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d

  • SHA512

    e26f7f5d84261ace5e728f7c418046be22be70b0713a48aa8f42942cdc374d681a560115031a1dad67e1bfafdcf422eb64a333f7ba91d9f87b59346d11db2f46

  • SSDEEP

    49152:4ImzpJJeD1EIDR3WmuDadUuNi/SOmvVfCvG1GyY3:dmzlebmbDadUnKOmcT

Score
8/10
bootkitpersistence

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:752
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\138ddc03dc3ec84727bd1b5c3374d325e373971980e288ecf28366363c83a71d.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1584
      • C:\Windows\SysWOW64\Wbem\wmic.exe
        wmic BaseBoard get SerialNumber
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1824
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://6666.ys168.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1056
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1056 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1516

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    8d22bb6fa2563895710b9b8c57b9deb7

    SHA1

    e363d5f8a4bb8580dc1cca171fd823f247ff6f89

    SHA256

    1c3d063ab2a0362318bec0f82e1224a8ef8a97a507da6f1804c2e49e7ebef79d

    SHA512

    d0e61519997b78a1804806e44e3c80c7306d2ac06706879c48252411fdc9384bc1380cb7e7adb1fc3b3c033529a96cd6508bda6651e07764694f5e71b465d3b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    5KB

    MD5

    d423c0399bc40d47a07802288e3b2935

    SHA1

    1229b0a48ed1283262671afbcd58a65caafd178b

    SHA256

    db0e940c78213b671f37a17fd5812f4952105f8fefff964b8bf6d5ad2141b798

    SHA512

    7ef89da6f34e06f553d70749d2e04776055f211b72d1f34d68138b1651cf5978d49cd0d1048e34be91f05db3e91c37546bd257225a02e90574dcccff54f2988c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5YI8XH9G.txt
    Filesize

    597B

    MD5

    14fb520b498fcecf64435876dd2b64b8

    SHA1

    f722a8d57c0b768edefcc3bd7b301c0b238eedc1

    SHA256

    ca72969675e2a7c32e4aff7d09ae1e13499a471b894c813e3d77bf5af1b31c11

    SHA512

    758b126213d03b00842e379a181e3405bb23e63fe08c971206f512f8b1d1da36c7727946e542bd64e23064df0e3e2dcdc6022b1e316b4623178a64ad62376326

    Download Submit

  • memory/1584-55-0x0000000075241000-0x0000000075243000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1584-57-0x00000000770B0000-0x00000000770F7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1584-271-0x0000000010000000-0x00000000102F3000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1584-465-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-466-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-467-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-468-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-469-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-464-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-471-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-472-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-473-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-474-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-470-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-475-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-477-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-476-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-478-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-480-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-479-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-482-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-481-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-484-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-483-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-486-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-485-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-488-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-487-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-489-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-490-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-491-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-493-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-492-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-495-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-494-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-496-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-498-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-497-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-500-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-499-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-502-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-501-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-504-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-503-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-506-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-505-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-507-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-509-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-508-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-511-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-510-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-513-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-512-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-514-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-516-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-515-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-518-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-519-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-517-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-521-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-520-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-523-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-522-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-524-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-525-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-1599-0x0000000001FB0000-0x00000000020B0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1584-1601-0x0000000002190000-0x0000000002311000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/1584-4617-0x0000000002440000-0x0000000002551000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1584-4618-0x0000000010000000-0x00000000102F3000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1584-4619-0x0000000002320000-0x0000000002421000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1584-4620-0x0000000002560000-0x0000000002601000-memory.dmp

    Filesize

    644KB

    Download

  • memory/1584-4621-0x0000000001FB0000-0x00000000020B0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/1584-4623-0x0000000010000000-0x00000000102F3000-memory.dmp

    Filesize

    2.9MB

    Download