Analysis
max time kernel: 154s
max time network: 162s
platform: windows10-2004_x64
resource: win10v2004-20231023-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231023-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/11/2023, 14:03
Static task: static1
Behavioral task   Sample                 Resource
behavioral1       BINDInstall.exe        win7-20231025-en
behavioral2       BINDInstall.exe        win10v2004-20231023-en
behavioral3       bindevt.dll            win7-20231020-en
behavioral4       bindevt.dll            win10v2004-20231020-en
behavioral5       dig.exe                win7-20231020-en
behavioral6       dig.exe                win10v2004-20231023-en
behavioral7       dnssec-keygen.exe      win7-20231023-en
behavioral8       dnssec-keygen.exe      win10v2004-20231023-en
behavioral9       dnssec-signzone.exe    win7-20231025-en
behavioral10      dnssec-signzone.exe    win10v2004-20231023-en
behavioral11      host.exe               win7-20231023-en
behavioral12      host.exe               win10v2004-20231023-en
behavioral13      libbind9.dll           win7-20231025-en
behavioral14      libbind9.dll           win10v2004-20231023-en
behavioral15      libdns.dll             win7-20231020-en
behavioral16      libdns.dll             win10v2004-20231023-en
behavioral17      libeay32.dll           win7-20231023-en
behavioral18      libeay32.dll           win10v2004-20231020-en
behavioral19      libisc.dll             win7-20231020-en
behavioral20      libisc.dll             win10v2004-20231020-en
behavioral21      libisccc.dll           win7-20231020-en
behavioral22      libisccc.dll           win10v2004-20231023-en
behavioral23      libisccfg.dll          win7-20231025-en
behavioral24      libisccfg.dll          win10v2004-20231023-en
behavioral25      liblwres.dll           win7-20231023-en
behavioral26      liblwres.dll           win10v2004-20231023-en
behavioral27      named-checkconf.exe    win7-20231020-en
behavioral28      named-checkconf.exe    win10v2004-20231025-en
behavioral29      named-checkzone.exe    win7-20231025-en
behavioral30      named-checkzone.exe    win10v2004-20231023-en
behavioral31      named.exe              win7-20231020-en
behavioral32      named.exe              win10v2004-20231023-en
General
Target: libisccfg.dll
Size: 108KB
MD5: 122f406a8f415ea977b6291ce1f6c6d0
SHA1: ffa154a544639579c61ab19885320cf8042fbbf2
SHA256: 7c01b51c944b6142aff086bf21b7ee152836605d26dd977111142a9b43b6ffd5
SHA512: 4331b10b3c5d0688d6d3ad818c482727284bb8317c5ad59edf031b6c62b1efa2b766717ac039d6152b522707a48360771dcb88c305103e49f9b2185bd1123e8c
SSDEEP: 768:VC1w2/mpdeUXzrXbeC41YDVw5kFtuCumEcDKBz+gpK5Jc7GU15x6rLjPYsgx:Vqnepow41MyMtrbgpK54GU1eLjAsgx
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description                        pid    Process
Token: SeManageVolumePrivilege     1612   svchost.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 1156 wrote to memory of 4612   1156   rundll32.exe   87
PID 1156 wrote to memory of 4612   1156   rundll32.exe   87
PID 1156 wrote to memory of 4612   1156   rundll32.exe   87
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\libisccfg.dll,#1
  PID: 1156
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\libisccfg.dll,#1
    PID: 4612
- C:\Windows\system32\rundll32.exe
  Command line: "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
  PID: 4336
- C:\Windows\System32\svchost.exe
  Command line: C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  PID: 1612
  Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 16KB
MD5: b3e0268328b99777ddd9f7334e9dea3c
SHA1: 1f894331c903b3e2baf4b5dfdc0b37f47d5e6b0f
SHA256: 98456c8196bfdc9bc4efdea7686ddca81cf8e6e30b540c038f04c30799fb691d
SHA512: e4080a631b15c645bfba77f106629db6d0acc1243917b3cd921c135902987ae47db3c213692b643007f8cae98f2d5da184de74a57703461a424f62c4f0ffced4