Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

The_app.rar

windows7-x64

3

The_app.rar

windows10-2004-x64

3

LOL/START ...LL.exe

windows7-x64

3

LOL/START ...LL.exe

windows10-2004-x64

1

LOL/lua5.1.dll

windows7-x64

3

LOL/lua5.1.dll

windows10-2004-x64

3

LOL/lua51.dll

windows7-x64

3

LOL/lua51.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    84s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/12/2023, 05:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    LOL/lua5.1.dll

  • Size

    327KB

  • MD5

    50f1d9f2093914c7712068608f3d66f2

  • SHA1

    c38c655526b9ba929f01259cd35abb65744448f0

  • SHA256

    ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

  • SHA512

    07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

  • SSDEEP

    6144:lpF7LK5bwfYggoCQxltnoqhMQ3WxAOj+JzOgmX:N7Igvnoz0Wx8xA

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\LOL\lua5.1.dll,#1
    1⤵
      PID:3864
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 600
        2⤵
        • Program crash
        PID:4384
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\LOL\lua5.1.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4416
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3864 -ip 3864
      1⤵
        PID:3464
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:2596
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
            PID:4140

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
            Filesize

            16KB

            MD5

            7ff314f3f507e8ed85c4f9ee71403063

            SHA1

            f54279c8273d54d3be1d32c425f4084cb64bf706

            SHA256

            990035040220937b18c1378b06507ab439bbd50936fa8331ee830e1c562c6685

            SHA512

            470cb4861a51c6cc340fbf8e934dffc0c0ff239f5b8dbbccab11dc7b5c4fae7cb22d110ac6f62c6ebe1ce45fe13893fb6b45a4beb7c75e82683f6730cf486d8b

            Download Submit

          • memory/4140-66-0x000002BBF9720000-0x000002BBF9721000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-35-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-42-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-40-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-39-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-38-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-46-0x000002BBF95E0000-0x000002BBF95E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-68-0x000002BBF9830000-0x000002BBF9831000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-67-0x000002BBF9720000-0x000002BBF9721000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-52-0x000002BBF9510000-0x000002BBF9511000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-41-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-64-0x000002BBF9710000-0x000002BBF9711000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-16-0x000002BBF13A0000-0x000002BBF13B0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/4140-49-0x000002BBF95D0000-0x000002BBF95D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-44-0x000002BBF95D0000-0x000002BBF95D1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-43-0x000002BBF95E0000-0x000002BBF95E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-37-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-36-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-34-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-33-0x000002BBF99C0000-0x000002BBF99C1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-32-0x000002BBF9990000-0x000002BBF9991000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4140-0-0x000002BBF12A0000-0x000002BBF12B0000-memory.dmp

            Filesize

            64KB

            Download