Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

22978b1dc7...fc.dll

windows7-x64

7

22978b1dc7...fc.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    162s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 01:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22978b1dc77585965b8aca1f3882cafc.dll

  • Size

    219KB

  • MD5

    22978b1dc77585965b8aca1f3882cafc

  • SHA1

    3e1701eb2cacba660176f4837e0196711c26a1fe

  • SHA256

    340ab14b5bd0fdcce6adadcaed4f363ad7b77bda3cb72fa31f50df29cf0a8784

  • SHA512

    34f19ea66467c16240dc413d4db14ef225eaf814493d11e94ba7f948a6a6a66bb9ada4466df302f02e24a8f6b8828611218c336e6e546b499159f05fa4739f9c

  • SSDEEP

    3072:bz++Zp57WfuQtVoH4t7+UIooLafTc2iAprutqTqH965jxkFqatUrFjK:bz+OnutVoYN+dabt3rGX96VxkUJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\22978b1dc77585965b8aca1f3882cafc.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\22978b1dc77585965b8aca1f3882cafc.dll,#1
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4012
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k imgsvc
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:3736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \??\c:\program files (x86)\cbgv\gvbaipngp.gif
    Filesize

    16.0MB

    MD5

    a5170f7e2bb114d9bc19621eaea9ee1b

    SHA1

    7fa9fbcd1e37d12afc9c1b95ec9c851ce5c00f19

    SHA256

    c44841893f19fb73b46ef095450d0a71b57d27564525468f7e342a3235c1a329

    SHA512

    e12e77cadd1fa2e27158e634dd15effb28e8ef8357fb363f5dfabcd3b92c071d8b089659c16c74930f4526d75d2b8a9709b8c3fe21bc0c2b55413a8746560636

    Download Submit

  • memory/3736-6-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download

  • memory/4012-0-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

    Download