Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

WinPcap_4_1_3.exe

windows10-1703-x64

8

Analysis

  • max time kernel
    77s
  • max time network
    75s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    07/03/2023, 19:20 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinPcap_4_1_3.exe

  • Size

    893KB

  • MD5

    a11a2f0cfe6d0b4c50945989db6360cd

  • SHA1

    e2516fcd1573e70334c8f50bee5241cdfdf48a00

  • SHA256

    fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de

  • SHA512

    2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70

  • SSDEEP

    24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 11 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Runs net.exe
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinPcap_4_1_3.exe
    "C:\Users\Admin\AppData\Local\Temp\WinPcap_4_1_3.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4108
    • C:\Windows\SysWOW64\net.exe
      net start npf
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4068
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start npf
        3⤵
          PID:5116

    Network

      No results found
    • 52.182.143.211:443
      322 B
       7
    • 8.238.21.126:80
      322 B
       7
    No results found

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\WinPcap\WinPcapInstall.dll
      Filesize

      91KB

      MD5

      e78291558cb803dfd091ad8fb56feecc

      SHA1

      4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4

      SHA256

      d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d

      SHA512

      042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\ExecDos.dll
      Filesize

      5KB

      MD5

      a7cd6206240484c8436c66afb12bdfbf

      SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

      SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

      SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\InstallOptions.dll
      Filesize

      14KB

      MD5

      325b008aec81e5aaa57096f05d4212b5

      SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

      SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

      SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\UserInfo.dll
      Filesize

      4KB

      MD5

      7579ade7ae1747a31960a228ce02e666

      SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

      SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

      SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\bootOptions.ini
      Filesize

      349B

      MD5

      73461ff69941beefb0f5630b29b5ae2e

      SHA1

      f8f33b309db03f1bc5a9fd452150245474c000f1

      SHA256

      81a27757de2fa404014be9a73f502537628f82a3da3f809b1ff5584a828910b8

      SHA512

      38b3a21683bb30cc301406e2f12d0cf916299a4618af552f9e01b1b0fecddf22c79e37f7aaf3f2a85706a263049d10c17ccc417fa9c07f8b74c28284a02da460

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\bootOptions.ini
      Filesize

      371B

      MD5

      6185a19077037934bda8e63732405e7d

      SHA1

      280e774f9174ec1441e3451863d3fc847d42f40c

      SHA256

      9683fb10b98403142fbd01a235a647c9e5c71dca684a3fb2c463bb0af8ad2222

      SHA512

      8102fd122d5c7400e99bbe89eadf66969690cf09496a02a1b5ccee2ebccf14c9a2c4c88139cf0fe5cfc39d7ec5783a2e7b4d6474da2128ac2b2f858f58c8c5e8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\ioSpecial.ini
      Filesize

      578B

      MD5

      0c13e2f80143043390bbcd88918b424f

      SHA1

      6fbb7d09613a8bf38590ad525556f5d16e6d5041

      SHA256

      034eb6cdaab68b2352af4052eaa00a12bc3692ac539f8c8b8965c18a561cf5aa

      SHA512

      1458b636994b6182e6eab21a1ccb8f4fcb2515f8bd28e81241e590176431f838a4b6622d1ac1508bce31dbd0a3f90a22bd127c489441a382e029532010770221

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\ioSpecial.ini
      Filesize

      626B

      MD5

      057326ddeca2f998504febbfbaf4d1a3

      SHA1

      d10cf3cc5b793ff1c33cc66d3120a94896d1cc01

      SHA256

      676d2f824e639ba616d1cbe7f829f81fa174e17f515da77469236957cc650fe2

      SHA512

      dd90200d731dbdb2615f428850611dd5c25457c080fbe2ad81f972cd3ecf86100a5d104bbb19a05c75d93de40e869ad79be918f4586cd90ca86169e9e231726e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\ioSpecial.ini
      Filesize

      626B

      MD5

      f02529512586e5ebca6b9b9a8ea474f8

      SHA1

      f69bf33bdd5cb97ed9bf83167db5f8c4ede81c09

      SHA256

      bea31520c4d9286c166d6cccb6107baa98d75c27290b79ad33d3f66baab04455

      SHA512

      683ec8770453af6a2b7ee5efba94d5c40fdb50ce2d697ba6d5bae80e355286be653a0ec576327c8703dbad237534dccbe7bda0721160ed93456fefa1095d5c0e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\ioSpecial.ini
      Filesize

      556B

      MD5

      9a4e1a4761cb8df6f700afa956051ab8

      SHA1

      b9d0462f2ca0705fd6f9765c613e284a42831142

      SHA256

      e8a9a3150a5e70bfadd16d7d98208d7fc334c18ed729dd15bca061ef7f051aa7

      SHA512

      c79d0e4950735d94354c6a7106e566d58c6df1bb844f246879b08947ca7c47b60173449d641587435457551432b73032c66906ebf31797cab7912b99945fd1b2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\ioSpecial.ini
      Filesize

      556B

      MD5

      9e64f573e3787a3991be6e7d429e95f8

      SHA1

      b11855932fef27279ad5efec9e5956641115d3eb

      SHA256

      775cc666179982eef57d3b00174f927c01e1ad192427985e3cbc7fb5c57e6bf5

      SHA512

      f5cf4fb3e6fcb80577d92c464556a5184621cd7be5b09fde7c629508754ae80e4c28dbe3794361972a27c92ee6de0210f3703473859091a3e4e13188bfc314ac

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nso527B.tmp\modern-wizard.bmp
      Filesize

      25KB

      MD5

      cbe40fd2b1ec96daedc65da172d90022

      SHA1

      366c216220aa4329dff6c485fd0e9b0f4f0a7944

      SHA256

      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

      SHA512

      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

      Download Submit

    • \Program Files (x86)\WinPcap\WinPcapInstall.dll
      Filesize

      91KB

      MD5

      e78291558cb803dfd091ad8fb56feecc

      SHA1

      4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4

      SHA256

      d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d

      SHA512

      042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f

      Download Submit

    • \Program Files (x86)\WinPcap\WinPcapInstall.dll
      Filesize

      91KB

      MD5

      e78291558cb803dfd091ad8fb56feecc

      SHA1

      4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4

      SHA256

      d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d

      SHA512

      042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f

      Download Submit

    • \Program Files (x86)\WinPcap\WinPcapInstall.dll
      Filesize

      91KB

      MD5

      e78291558cb803dfd091ad8fb56feecc

      SHA1

      4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4

      SHA256

      d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d

      SHA512

      042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f

      Download Submit

    • \Program Files (x86)\WinPcap\WinPcapInstall.dll
      Filesize

      91KB

      MD5

      e78291558cb803dfd091ad8fb56feecc

      SHA1

      4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4

      SHA256

      d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d

      SHA512

      042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso527B.tmp\ExecDos.dll
      Filesize

      5KB

      MD5

      a7cd6206240484c8436c66afb12bdfbf

      SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

      SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

      SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso527B.tmp\ExecDos.dll
      Filesize

      5KB

      MD5

      a7cd6206240484c8436c66afb12bdfbf

      SHA1

      0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

      SHA256

      69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

      SHA512

      b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso527B.tmp\InstallOptions.dll
      Filesize

      14KB

      MD5

      325b008aec81e5aaa57096f05d4212b5

      SHA1

      27a2d89747a20305b6518438eff5b9f57f7df5c3

      SHA256

      c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

      SHA512

      18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso527B.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso527B.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso527B.tmp\UserInfo.dll
      Filesize

      4KB

      MD5

      7579ade7ae1747a31960a228ce02e666

      SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

      SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

      SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nso527B.tmp\UserInfo.dll
      Filesize

      4KB

      MD5

      7579ade7ae1747a31960a228ce02e666

      SHA1

      8ec8571a296737e819dcf86353a43fcf8ec63351

      SHA256

      564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

      SHA512

      a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

      Download Submit

    • memory/4108-361-0x0000000004CA0000-0x0000000004CB6000-memory.dmp

      Filesize

      88KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.