Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis

max time kernel: 128s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/12/2023, 13:00
Behavioral tasks

- behavioral1: DNFMulti.exe (resource win7-20231215-en)
- behavioral2: DNFMulti.exe (resource win10v2004-20231215-en)
- behavioral3: DNF双开同步免费版.exe (resource win7-20231215-en)
- behavioral4: DNF双开同步免费版.exe (resource win10v2004-20231215-en)
- behavioral5: ImeHook.dll (resource win7-20231215-en)
- behavioral6: ImeHook.dll (resource win10v2004-20231215-en)
- behavioral7: ImeHook.dll (resource win7-20231215-en)
- behavioral8: ImeHook.dll (resource win10v2004-20231215-en)
- behavioral9: dnf_sync.dll (resource win7-20231129-en)
- behavioral10: dnf_sync.dll (resource win10v2004-20231215-en)
- behavioral11: temp7891.dll (resource win7-20231215-en)
- behavioral12: temp7891.dll (resource win10v2004-20231215-en)
General

Target: ImeHook.dll
Size: 16KB
MD5: deded28d23751c4aa242dc1a4536528f
SHA1: 3de9f1d13bf371ae2a1a64ce3f7ffc68cdf227c9
SHA256: 165886f070a708d72cf6bad5ca03aae4a866df5d2dbde33d28f6363e3667ecc7
SHA512: ed76c347feee85c812095fb2ed44a4be7d3a941e1d7b7acff883bb2f8f20fb79454479016cea276b0f163b22e75236eb9f8e808dad11f67b9be1ecacc149107b
SSDEEP: 384:zqIiqiqTxtKyegtVsilJJur5Jsq8ILKOLLvYiDsssjVPa5:ZizqFtxeosQJ8r3sFkL7sv6
Malware Config

(none extracted)

Signatures

- Program crash (1 IoC)

  pid   pid_target   Process        procid_target
  2952  4756         WerFault.exe   14

- Suspicious use of WriteProcessMemory (3 IoCs)

  description                       pid   Process        procid_target
  PID 868 wrote to memory of 4756   868   rundll32.exe   14
  PID 868 wrote to memory of 4756   868   rundll32.exe   14
  PID 868 wrote to memory of 4756   868   rundll32.exe   14
Processes

- C:\Windows\SysWOW64\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ImeHook.dll,#1
  PID: 4756

  - C:\Windows\SysWOW64\WerFault.exe
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 632
    signature: Program crash
    PID: 2952

- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ImeHook.dll,#1
  signature: Suspicious use of WriteProcessMemory
  PID: 868

- C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4756 -ip 4756
  PID: 1436