Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

66df698cb0...60.dll

windows7-x64

3

66df698cb0...60.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/12/2023, 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    66df698cb05de01a352563c9cdde2560.dll

  • Size

    406KB

  • MD5

    66df698cb05de01a352563c9cdde2560

  • SHA1

    0604ca00b007745550eb180667fa4a4ca1a1fc67

  • SHA256

    69e4e93dff6f8917d615f5bd43ddd169dac02ce6a66c35fc668fca97b1e29a1f

  • SHA512

    fe640d7be1aee9d9261950bc234e9d130119cc0d1401efd46ecc9cd0b71d9cba0c0ea94611b90b57cdcb968d7fbf54f577fe7c06704741538e1b1a709de35964

  • SSDEEP

    6144:x94UYYo/pATA7VboU5Ek8/yG6wKc9FFPAEVgQeeaQeetQeesQeeqxQeehQeeXv5K:/4UYYo/pATA7ZPSk2yG6wGEPiNP

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 31 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\66df698cb05de01a352563c9cdde2560.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c start http://www.facebook.com/little.deblonkz
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2868
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.facebook.com/little.deblonkz
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2632
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          PID:1392
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 408
      2⤵
      • Program crash
      PID:2772
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\66df698cb05de01a352563c9cdde2560.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f0e46aeeee3e5a6547535202ce9f7dca

    SHA1

    d2b8b1c3ad7a21fe4d6ca27c4a9cb459e16e3e00

    SHA256

    164b502cfd3f2c797c4c3449d76690cca309079d69d139e03c7bd96cf28c5613

    SHA512

    7d11cf49089574ef1bd17f1b7a197682580b476e72315d07bea8d7dfd78d51b4511288d2bb095479fcc311a41664b6d3dd7c6d9663fc426e82ff80f0f73b5958

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e604583fd38fe4616c3487404a4d4f5

    SHA1

    ea4baa5c0b9caa2c77bcce6cbf1d1bd2ba9e52b2

    SHA256

    9aeee86690e040c2d2a4197ea8b34345b05330568f32b6f0ddc8061d478090d4

    SHA512

    72b47218ed8af9657123b50404e62de703fbffd49be69180153bfc829d8b40c42f6436da3ecd38390966e400c8a78f1159c5025045fb744a8213081e6f095c58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    592e56ec2b429093f889b01807ba73b5

    SHA1

    53747be0b8bc094be5ec8799d9a1179dd29e3bb1

    SHA256

    c1a5bf2ed19e17f6a57c02100f1de3cec96ab7b6b9d30990aa2646280dd449e1

    SHA512

    a943937634cb2c05cbb1fac08cba3f3c357c200036821e8ecf74f70c33efb0b30bd4e8711136bc4c95aa807687c0673f1f5f5f68ab7c93639a831e24c4c99b0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c64c546310690c75ed50769db06fd75e

    SHA1

    53e83123f679c464ebe6046e8cbf3c8f9ea14b35

    SHA256

    0d62a5971eb552bf195642d095d214e9d7dff8772d8b992c44b7900c57872486

    SHA512

    cb24880b74bb4a60136009e9d969d02c9a96e311b4c38f58eede734dfc0550574899fa380a995f065e68db0380c9c9033c77b2a0798aa5c2abd98843b9fc3d2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df8f50fd0d4bb2b52e2bae12cfe936e2

    SHA1

    1ac5abd5b30e61e8f7ac256d85bd71ccd5f7a042

    SHA256

    2da293e9918c32f31df2ff4f6a063a3d4ef35b9dfadbb89cd8e06d6015577a3b

    SHA512

    83b0ac7e9fefcdfae408a1ad214991ab4a254312025cf8a5d05644a33604a4fa517e7f4b743187c7248d073ac911b8352e977136e0594de362a641bbd8b5592d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b6d5e6a7141e59003bce52e9f5e889b

    SHA1

    a7b40b274e69a2fdb9f572062b5317419aaed875

    SHA256

    12bf42618c553f78095f786e9294a1685e4797799dafae620c9159cf0bfd5ccb

    SHA512

    c8462795e71ca50e55232c49ac6842c84a0fc0651cc8f947579efd180e29f9c2a9097bed312a9d47c75f034cbb4b23515d98d30f5e7f9be14669f8acbc7cb3dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a6ba18a0ace3f00ca22ef80b87b77fa4

    SHA1

    dc4e0d446f22db9839c538b9f293cbb8a43aeb4e

    SHA256

    b0482deeaff9d7b202590ae3f4c336788e9e5912152fe1ba37a67099809cd81e

    SHA512

    e7b4636470d5b022f42dd7e77cd0f8304f1a3a2e8abba60f112e7e99351f97dbae8c9fea657244f8064aa320c58a71f14d8206bcaec1125f14030542759d7915

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7849961c44be367dc55d12bbb3d5280

    SHA1

    5eeef1671ab04ec41ed3d0dd4268c732c59c0f5a

    SHA256

    c8189566189c422fbbc32c6adef1b4000f76c707b3f6395781f4cb523e5ae2ef

    SHA512

    fa6103ce47123ea77fce34c07b36b487a039c866a76f65d03c375639455bb9a156b4d851d6c5a1030f5d6fdfc60c5324e1c8826038bc6fcd2a61d9fc004c4221

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3034918aa1e16bf8f49bb65cdff48a88

    SHA1

    f1a82cc1917fad6eef543c6214340d7966107b58

    SHA256

    f456a519d575fd2bc1e2815e74789a9aced63db2e1c09aef014726af6f227271

    SHA512

    e7b5720a65894c0912dbb8f7ff4ea29d46b0528b3312ee614264b24e29a4467a77fb37a6c966e64f0393a5146a7c73e30074453840078a42dbbc6d19b44af242

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b696cac4b18b76156fa11bbbf76d81e

    SHA1

    68cced3d0f6bf662c14d97af3eda3f4922506b83

    SHA256

    b977fc5e03939039a94f48ec2f0cdce924339e1166fe109ce425656c576df63c

    SHA512

    61da265eb2cd53be35d6f031d24d6ff51c5b5d72389f568b41e08e021e91cb8f42c1e63e06b2f0bb2bcea4e26b6a5fe3c950ab0d864ab775741c31457425961d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ec60924cb7b61db4e88cb9d33a585ed

    SHA1

    bb56a81b895417c42282ba814ce9738b7cc2a7b5

    SHA256

    ce2996c2d2b4bd15245d3df359076271b6b0e677368531923c1577fb2ec64674

    SHA512

    005e1958455496929d23f0a185c0e69f8a8ec97c5b15d07fe41ece4af3f7a0dc16479fa7fe3cbe71e1b1c92ecbeda39910c9186e1375b084c06868f4dc7c2214

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\f9yyw0t\imagestore.dat
    Filesize

    6KB

    MD5

    441d6bc1a3d7ace1789eadea7861d6b8

    SHA1

    8525113868f4fe7f1cbce7e40aff7b00ab505f60

    SHA256

    e3c97974d7678c23e3467c68db7cbdc17aea5897fc272950e018fc946a828a18

    SHA512

    fec2773cc5c9b613bf19d6c86f5a9414c42fa383e7d3993532dd513dc362d6c7f495f114bec5973b6c80943551c5f0e144a7eb46f6e4b742fe322b160d5575ec

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A89I98IL\gB76kJXPYJV[1].png
    Filesize

    6KB

    MD5

    389dfa18be34d8cf767e06fd5cde4ec6

    SHA1

    47b751cffab47d076816c63ce08d3e84600376ee

    SHA256

    3c45ce612f41b1e7936e7cf5b235047344fd3146d1630e342f186d1d1e8e00d5

    SHA512

    c4db18f636ad85e87f93a208fb4b02b528659ba367e51cfa6d7826ac1159f445a85fbca8d12ac67556e8fb5208dae24ae309e783d50feb088ef0e9f47ac19430

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD1F1.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD252.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit