Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/09/2023, 08:32

General

  • Target

    fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb.dll

  • Size

    4.5MB

  • MD5

    5d537254370fb7f3256524e6e74743d0

  • SHA1

    e931de448f728bc9910dbb85e91e74e05e7ead0e

  • SHA256

    fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb

  • SHA512

    c0389f2af34f8f2b95d0c6bfd91e1a53c7e90186c19b15d67571a7cabe76b5a3ddc8cad02ca2354a0d29742fc643b9c90243605ae359ad013dfd486da5beaf15

  • SSDEEP

    98304:JAZdwZomsjDGwYYtQddncl5oVb/lbGWRB2A:OQmMYedFcl5oVb/R7B2A

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2996
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb.dll,#1
      • Loads dropped DLL
      • Writes to the Master Boot Record (MBR)
      • Drops file in Windows directory
      PID:1860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\{FBAB31BB-9771-40c9-B2C5-0B93E98BEAAF}.tmp\curl.dll

    Filesize

    1.9MB

    MD5

    7dadf54b11a68b3efd5d19338b960036

    SHA1

    986bd5df5f365c34728095fa655261b055396622

    SHA256

    a30676bcfebde05da262ac222e1a4250ca7e8d9ee5958f3d23af0e854f63dd45

    SHA512

    76ae75f6329973c6772e43d16fcc0d4c2739f7f40f62429a98ec0dd91a2bc472e28cb98dc3af74995a81b7f2c493253d7529f67a2ad003a6777ad89998670e20

  • \Users\Admin\AppData\Local\Temp\{348525AD-754E-49a4-97E0-3792C92B5AD1}.tmp\7z.dll

    Filesize

    1.1MB

    MD5

    6abb7f08afe440d408cfb44d7f3ddc54

    SHA1

    9b37119ad5f575b732f4b1816f9f15ac54f8eb8a

    SHA256

    0e0021d348ba56d3e24d30382a453f95cc609750ea3552cfda37acb53befcdc3

    SHA512

    f3d70e5e5f0fbddcdd19f8c058db6f4cefaaa58473e575fb1f9b563334d6505fae79a03c10b6eb1628c8a63766c13c1255939ac40c7d88567aacc28ca6d3c2e2

  • \Users\Admin\AppData\Local\Temp\{FBAB31BB-9771-40c9-B2C5-0B93E98BEAAF}.tmp\curl.dll

    Filesize

    1.9MB

    MD5

    7dadf54b11a68b3efd5d19338b960036

    SHA1

    986bd5df5f365c34728095fa655261b055396622

    SHA256

    a30676bcfebde05da262ac222e1a4250ca7e8d9ee5958f3d23af0e854f63dd45

    SHA512

    76ae75f6329973c6772e43d16fcc0d4c2739f7f40f62429a98ec0dd91a2bc472e28cb98dc3af74995a81b7f2c493253d7529f67a2ad003a6777ad89998670e20