Tasks
Sample                  Platform              Score
Overview                -                     10
Static                  -                     10
server.exe              windows7-x64          8
server.exe              windows10-2004-x64    8
server.out              ubuntu-18.04-amd64    7
socks32_tor.dll         windows7-x64          8
socks32_tor.dll         windows10-2004-x64    8
socks_tor.exe           windows7-x64          10
socks_tor.exe           windows10-2004-x64    10
www/system...ip2.js     windows7-x64          1
www/system...ip2.js     windows10-2004-x64    1
www/system...x.html     windows7-x64          1
www/system...x.html     windows10-2004-x64    1
www/system...ord.js     windows7-x64          1
www/system...ord.js     windows10-2004-x64    1

Analysis
max time kernel: 149s
max time network: 156s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 09/05/2023, 04:53
Behavioral tasks
Task          Sample                           Resource
behavioral1   server.exe                       win7-20230220-en
behavioral2   server.exe                       win10v2004-20230220-en
behavioral3   server.out                       ubuntu1804-amd64-en-20211208
behavioral4   socks32_tor.dll                  win7-20230220-en
behavioral5   socks32_tor.dll                  win10v2004-20230220-en
behavioral6   socks_tor.exe                    win7-20230220-en
behavioral7   socks_tor.exe                    win10v2004-20230220-en
behavioral8   www/systembc/geoip/geoip2.js     win7-20230220-en
behavioral9   www/systembc/geoip/geoip2.js     win10v2004-20230221-en
behavioral10  www/systembc/index.html          win7-20230220-en
behavioral11  www/systembc/index.html          win10v2004-20230220-en
behavioral12  www/systembc/password.js         win7-20230220-en
behavioral13  www/systembc/password.js         win10v2004-20230220-en
General
Target: socks32_tor.dll
Size: 31KB
MD5: ab2358024b8fa1f8d2ba06ff7980734f
SHA1: ee98a887090a0d04408d23ffb87fe933b2287107
SHA256: 77eb1714a4eb6c8c138e3a013bb20633122039a71c46d7b579722baaa91c0f34
SHA512: a0958ac9ea9329ff6026ab22ce733970edc4e3604cbc5179c45ac76859789377e9fcdc704c04be30527e75cb362118bbcd8dc3022931111eb66cf9766ee02e74
SSDEEP: 768:bS8Mc/ReGneyfP5iqiWsNhGDoh2EfoJdmA:8c/ReGnnhig4Lh2Efo
Malware Config
Signatures
Blocklisted process makes network request (14 IoCs)
flow  pid   Process
1     2000  rundll32.exe
2     2000  rundll32.exe
4     2000  rundll32.exe
5     2000  rundll32.exe
6     2000  rundll32.exe
7     2000  rundll32.exe
8     2000  rundll32.exe
9     2000  rundll32.exe
10    2000  rundll32.exe
11    2000  rundll32.exe
12    2000  rundll32.exe
13    2000  rundll32.exe
14    2000  rundll32.exe
15    2000  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description                         pid   Process       procid_target
PID 2020 wrote to memory of 2000    2020  rundll32.exe  27
PID 2020 wrote to memory of 2000    2020  rundll32.exe  27
PID 2020 wrote to memory of 2000    2020  rundll32.exe  27
PID 2020 wrote to memory of 2000    2020  rundll32.exe  27
PID 2020 wrote to memory of 2000    2020  rundll32.exe  27
PID 2020 wrote to memory of 2000    2020  rundll32.exe  27
PID 2020 wrote to memory of 2000    2020  rundll32.exe  27
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\socks32_tor.dll,#1
   - Suspicious use of WriteProcessMemory
   PID:2020
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\socks32_tor.dll,#1
      - Blocklisted process makes network request
      PID:2000