Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

BUGSPLAT.dll

windows10-2004-x64

8

INSTRUCT.lnk

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2023, 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    BUGSPLAT.dll

  • Size

    265KB

  • MD5

    cf36bf564fbb7d5ec4cec9b0f185f6c9

  • SHA1

    8eb64670c10505322d45f6114bc9f7de0826e3a1

  • SHA256

    e957326b2167fa7ccd508cbf531779a28bfce75eb2635ab81826a522979aeb98

  • SHA512

    39e1f522ea424e437fe97b65ea65acb08069f6a88be61503ee75224108d105bbbec7374d8013017e78efe4e4129128316e732726cd96441d6db529556716847c

  • SSDEEP

    3072:tUEmC94lAhNLdHZS/Y1s7kNf4RqWs4e32pIYNxHaaBzpodfOYFdUq20vP0X6/q:/s/YPNfEqWKG2kHaaB2kwUq20v

Score
8/10
persistence

Malware Config

Signatures

  • Blocklisted process makes network request 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\BUGSPLAT.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Adds Run key to start application
    PID:3444

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3444-133-0x00007FFBCFA10000-0x00007FFBCFC05000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3444-134-0x00007FFBC1C30000-0x00007FFBC2100000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/3444-140-0x000000006BB80000-0x000000006BBCC000-memory.dmp

    Filesize

    304KB

    Download