Overview
overview: score 7
Static
static: score 1
Borrador/EULA.rtf (windows7-x64): score 4
Borrador/EULA.rtf (windows10-2004-x64): score 1
Borrador/I...er.dll (windows7-x64): score 1
Borrador/I...er.dll (windows10-2004-x64): score 1
Borrador/I...er.exe (windows7-x64): score 3
Borrador/I...er.exe (windows10-2004-x64): score 4
Borrador/I...er.exe (windows7-x64)
Borrador/I...er.exe (windows10-2004-x64)
Borrador/h...p.html (windows7-x64): score 1
Borrador/h...p.html (windows10-2004-x64): score 1
Borrador/unins000.exe (windows7-x64): score 7
Borrador/unins000.exe (windows10-2004-x64): score 7
Minecraft ...re.dll (windows7-x64): score 1
Minecraft ...re.dll (windows10-2004-x64): score 1
Minecraft ...re.dll (windows7-x64): score 1
Minecraft ...re.dll (windows10-2004-x64): score 1
Analysis
max time kernel: 28s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 31/03/2023, 00:43
Static task: static1
Behavioral task: behavioral1 | Sample: Borrador/EULA.rtf | Resource: win7-20230220-en
Behavioral task: behavioral2 | Sample: Borrador/EULA.rtf | Resource: win10v2004-20230220-en
Behavioral task: behavioral3 | Sample: Borrador/IObitUnlocker.dll | Resource: win7-20230220-en
Behavioral task: behavioral4 | Sample: Borrador/IObitUnlocker.dll | Resource: win10v2004-20230221-en
Behavioral task: behavioral5 | Sample: Borrador/IObitUnlocker.exe | Resource: win7-20230220-en
Behavioral task: behavioral6 | Sample: Borrador/IObitUnlocker.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral7 | Sample: Borrador/IObitUnlocker.exe | Resource: win7-20230220-en
Behavioral task: behavioral8 | Sample: Borrador/IObitUnlocker.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral9 | Sample: Borrador/help/help.html | Resource: win7-20230220-en
Behavioral task: behavioral10 | Sample: Borrador/help/help.html | Resource: win10v2004-20230220-en
Behavioral task: behavioral11 | Sample: Borrador/unins000.exe | Resource: win7-20230220-en
Behavioral task: behavioral12 | Sample: Borrador/unins000.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral13 | Sample: Minecraft 64 Bits/SysWOW64/Windows.ApplicationModel.Store.dll | Resource: win7-20230220-en
Behavioral task: behavioral14 | Sample: Minecraft 64 Bits/SysWOW64/Windows.ApplicationModel.Store.dll | Resource: win10v2004-20230220-en
Behavioral task: behavioral15 | Sample: Minecraft 64 Bits/System32/Windows.ApplicationModel.Store.dll | Resource: win7-20230220-en
Behavioral task: behavioral16 | Sample: Minecraft 64 Bits/System32/Windows.ApplicationModel.Store.dll | Resource: win10v2004-20230220-en
General
Target: Borrador/IObitUnlocker.dll
Size: 71KB
MD5: 6dc47f0038dd44de1c3a854949572774
SHA1: a5b74648a3944ac1781c89d3f549715e31eb5c85
SHA256: 9e93fbb7955710e50a1ef4a222253a349927a543b105bfe26d4803ddc54060a9
SHA512: 52caeb12ff1a57362e0c80f22221311df453eaeec6ba4e39b67942ad0ae6f8fc39b17bfe951f04c3d1d0a6b455bf91e9b1c2df5ad284bf6c2c8b0dd671c37d96
SSDEEP: 1536:0gr2Lr071OUKFOk12oilFHyKyXMuJwIzD:0grviGoiiKycuew
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2044 wrote to memory of 1144 | 2044 | rundll32.exe | 17
PID 2044 wrote to memory of 1144 | 2044 | rundll32.exe | 17
PID 2044 wrote to memory of 1144 | 2044 | rundll32.exe | 17
PID 2044 wrote to memory of 1144 | 2044 | rundll32.exe | 17
PID 2044 wrote to memory of 1144 | 2044 | rundll32.exe | 17
PID 2044 wrote to memory of 1144 | 2044 | rundll32.exe | 17
PID 2044 wrote to memory of 1144 | 2044 | rundll32.exe | 17