Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

SRMLInstal...1c.zip

windows10-2004-x64

7

Analysis

  • max time kernel
    45s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/04/2023, 17:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SRMLInstaller_0.2.1c.zip

  • Size

    1.7MB

  • MD5

    7833fd4e30613e9047232346455d8439

  • SHA1

    f72ab481bb2b210e2ffe779d48e7065d3310d3c0

  • SHA256

    e3a832397920a03a682e554e9ace3631a558894d1ace32cb7942cd05fbbd308e

  • SHA512

    ab60f9afc7a38deb919cb7484b9413f9f5bbe12702f59ba73baed9faca6f89d518c02ae0834093e246f9447c406778f3b6b4e6a893947199638d6897d4beeb27

  • SSDEEP

    49152:z9PRz54eSSSSSSS/XiK8VdC51HHJbpZDlfKHyxOpV:z9PRz54eSSSSSSS/XidVk51HHhNKSxOL

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 12 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\SRMLInstaller_0.2.1c.zip
    1⤵
      PID:3992
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:4460
      • C:\Users\Admin\Documents\SRMLInstaller_0.2.1c\SRMLInstaller.exe
        "C:\Users\Admin\Documents\SRMLInstaller_0.2.1c\SRMLInstaller.exe"
        1⤵
        • Loads dropped DLL
        PID:3936

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\costura.dll
        Filesize

        4KB

        MD5

        ac10cdf4657b826c3c6d4d247464aee8

        SHA1

        1bb14967938d99e768af208fb54668109e81abbb

        SHA256

        8ac0ae430fbb1af16b923011dd9c02ae5b3d89f2fecaa3e8c7a249f4b0f0c6b7

        SHA512

        8f377b31dbdd128322bdec2f566323fea42168c9059ae8d2e953a33ce082d92bfd1b356304a3cc13426d946311f329e5d7c3bd5bff3c1baac1c3528c4e181b78

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\costura.dll
        Filesize

        4KB

        MD5

        ac10cdf4657b826c3c6d4d247464aee8

        SHA1

        1bb14967938d99e768af208fb54668109e81abbb

        SHA256

        8ac0ae430fbb1af16b923011dd9c02ae5b3d89f2fecaa3e8c7a249f4b0f0c6b7

        SHA512

        8f377b31dbdd128322bdec2f566323fea42168c9059ae8d2e953a33ce082d92bfd1b356304a3cc13426d946311f329e5d7c3bd5bff3c1baac1c3528c4e181b78

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.dll
        Filesize

        331KB

        MD5

        16c4cb74628930724dd717da06f7bc69

        SHA1

        c22e48febfcba1c1a1ce0b5261f84ec074cb2ef2

        SHA256

        046435e644748c5c46545e4304727aabde76e59b12b7edc3ce04cc1366ef5dfc

        SHA512

        66a261c2fe73a98b53546529888a6044b5586120c5ae4927ced1874d94ea293f922fb2d503e71e8c120fc61669d435166d6f2fcc92b39f6b1cf2b8afccdceed8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.dll
        Filesize

        331KB

        MD5

        16c4cb74628930724dd717da06f7bc69

        SHA1

        c22e48febfcba1c1a1ce0b5261f84ec074cb2ef2

        SHA256

        046435e644748c5c46545e4304727aabde76e59b12b7edc3ce04cc1366ef5dfc

        SHA512

        66a261c2fe73a98b53546529888a6044b5586120c5ae4927ced1874d94ea293f922fb2d503e71e8c120fc61669d435166d6f2fcc92b39f6b1cf2b8afccdceed8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.dll
        Filesize

        331KB

        MD5

        16c4cb74628930724dd717da06f7bc69

        SHA1

        c22e48febfcba1c1a1ce0b5261f84ec074cb2ef2

        SHA256

        046435e644748c5c46545e4304727aabde76e59b12b7edc3ce04cc1366ef5dfc

        SHA512

        66a261c2fe73a98b53546529888a6044b5586120c5ae4927ced1874d94ea293f922fb2d503e71e8c120fc61669d435166d6f2fcc92b39f6b1cf2b8afccdceed8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.dll
        Filesize

        331KB

        MD5

        16c4cb74628930724dd717da06f7bc69

        SHA1

        c22e48febfcba1c1a1ce0b5261f84ec074cb2ef2

        SHA256

        046435e644748c5c46545e4304727aabde76e59b12b7edc3ce04cc1366ef5dfc

        SHA512

        66a261c2fe73a98b53546529888a6044b5586120c5ae4927ced1874d94ea293f922fb2d503e71e8c120fc61669d435166d6f2fcc92b39f6b1cf2b8afccdceed8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.dll
        Filesize

        331KB

        MD5

        16c4cb74628930724dd717da06f7bc69

        SHA1

        c22e48febfcba1c1a1ce0b5261f84ec074cb2ef2

        SHA256

        046435e644748c5c46545e4304727aabde76e59b12b7edc3ce04cc1366ef5dfc

        SHA512

        66a261c2fe73a98b53546529888a6044b5586120c5ae4927ced1874d94ea293f922fb2d503e71e8c120fc61669d435166d6f2fcc92b39f6b1cf2b8afccdceed8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.mdb.dll
        Filesize

        42KB

        MD5

        baf762f8bc3b6d7a0715c8c049228635

        SHA1

        42589eff309953a9360db48b9841dd130f76d289

        SHA256

        66fb9c6f5d958369dad3cf2e9d366028625112c91eb00adec1ed985728fb9fa7

        SHA512

        782b95868ff535309c3d5832dddff5edf0b097574b37afa1af90de3b91018ba4f8b77a649f8e6825f35d8fbee5e7bef9f573a8cde5b8b19a0e40e70d46404bd0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.mdb.dll
        Filesize

        42KB

        MD5

        baf762f8bc3b6d7a0715c8c049228635

        SHA1

        42589eff309953a9360db48b9841dd130f76d289

        SHA256

        66fb9c6f5d958369dad3cf2e9d366028625112c91eb00adec1ed985728fb9fa7

        SHA512

        782b95868ff535309c3d5832dddff5edf0b097574b37afa1af90de3b91018ba4f8b77a649f8e6825f35d8fbee5e7bef9f573a8cde5b8b19a0e40e70d46404bd0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.pdb.dll
        Filesize

        84KB

        MD5

        7def3d4cbe3227adc33097787cd611e2

        SHA1

        f492da729b5ef954805a502787e881e9a823dbe3

        SHA256

        5bd7a0e224925912265ee32a8d7e4d97253db8ef6181e2725d03f26e3312821b

        SHA512

        d190fec7c887890b0a5a4982f26b1ddedd8144bd87acc7bfa538531d3bbcfd597c1576748ac8980f220623cd3dbe3eb0a6ed6554cb768c77ee82bc219fde7a06

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.pdb.dll
        Filesize

        84KB

        MD5

        7def3d4cbe3227adc33097787cd611e2

        SHA1

        f492da729b5ef954805a502787e881e9a823dbe3

        SHA256

        5bd7a0e224925912265ee32a8d7e4d97253db8ef6181e2725d03f26e3312821b

        SHA512

        d190fec7c887890b0a5a4982f26b1ddedd8144bd87acc7bfa538531d3bbcfd597c1576748ac8980f220623cd3dbe3eb0a6ed6554cb768c77ee82bc219fde7a06

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.rocks.dll
        Filesize

        27KB

        MD5

        e4c29a2bf3bd583c8f2daf8cc8b3c4ca

        SHA1

        76f922af7e984383431291d664876820118f16ab

        SHA256

        02f3141e5ab9a806099be8227d68473b3b4d6f1ab5ee19476011ec3be5c66af8

        SHA512

        5d66fe3103896611379dcdb2226828dfdda7c49db9710dd72455c92919b2eeec3b700fa2d574f8a857394ee689c571606c43f5235b2104dc2b8777d856336760

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\Costura\0B7E58F062E84CF03803AF9227E8C0C4\mono.cecil.rocks.dll
        Filesize

        27KB

        MD5

        e4c29a2bf3bd583c8f2daf8cc8b3c4ca

        SHA1

        76f922af7e984383431291d664876820118f16ab

        SHA256

        02f3141e5ab9a806099be8227d68473b3b4d6f1ab5ee19476011ec3be5c66af8

        SHA512

        5d66fe3103896611379dcdb2226828dfdda7c49db9710dd72455c92919b2eeec3b700fa2d574f8a857394ee689c571606c43f5235b2104dc2b8777d856336760

        Download Submit

      • memory/3936-133-0x0000000000C10000-0x0000000001034000-memory.dmp

        Filesize

        4.1MB

        Download

      • memory/3936-162-0x0000000005970000-0x00000000059CA000-memory.dmp

        Filesize

        360KB

        Download

      • memory/3936-165-0x0000000005890000-0x00000000058A0000-memory.dmp

        Filesize

        64KB

        Download