Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

22978b1dc7...fc.dll

windows7-x64

7

22978b1dc7...fc.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    123s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 01:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22978b1dc77585965b8aca1f3882cafc.dll

  • Size

    219KB

  • MD5

    22978b1dc77585965b8aca1f3882cafc

  • SHA1

    3e1701eb2cacba660176f4837e0196711c26a1fe

  • SHA256

    340ab14b5bd0fdcce6adadcaed4f363ad7b77bda3cb72fa31f50df29cf0a8784

  • SHA512

    34f19ea66467c16240dc413d4db14ef225eaf814493d11e94ba7f948a6a6a66bb9ada4466df302f02e24a8f6b8828611218c336e6e546b499159f05fa4739f9c

  • SSDEEP

    3072:bz++Zp57WfuQtVoH4t7+UIooLafTc2iAprutqTqH965jxkFqatUrFjK:bz+OnutVoYN+dabt3rGX96VxkUJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\22978b1dc77585965b8aca1f3882cafc.dll,#1
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1872
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2936
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\22978b1dc77585965b8aca1f3882cafc.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\program files (x86)\cbgv\gvbaipngp.gif
    Filesize

    385KB

    MD5

    1e52b4ec27ff1501ad4e2067285ab051

    SHA1

    b724216cb61bdf9d946fbbda725fa4d9701b9869

    SHA256

    ea7c07befe8b76f4f6ddf0e073c0cdaf88e8980f01b872440ca3b66ae678e8fd

    SHA512

    da3c3dba95b10b38993f764781361a2ddc68cafb664d19ad7acac6fdaadb22a2b5db6127b3d3625cd4f66105cb9a456e5050f6606525e3bcdc8bced7bc85b666

    Download Submit

  • memory/1872-1-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1872-0-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2936-7-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download