Overview
overview: score 7
static: score 7
DNFMulti.exe (windows7-x64): score 1
DNFMulti.exe (windows10-2004-x64): score 1
DNF双开….exe (windows7-x64): score 1
DNF双开….exe (windows10-2004-x64): score 1
ImeHook.dll (windows7-x64): score 1
ImeHook.dll (windows10-2004-x64): score 3
ImeHook.dll (windows7-x64): score 1
ImeHook.dll (windows10-2004-x64): score 1
dnf_sync.dll (windows7-x64): score 1
dnf_sync.dll (windows10-2004-x64): score 1
temp7891.dll (windows7-x64): score 7
temp7891.dll (windows10-2004-x64): score 7
Analysis
max time kernel: 119s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 13:00
Behavioral tasks
behavioral1: sample DNFMulti.exe, resource win7-20231215-en
behavioral2: sample DNFMulti.exe, resource win10v2004-20231215-en
behavioral3: sample DNF双开同步免费版.exe, resource win7-20231215-en
behavioral4: sample DNF双开同步免费版.exe, resource win10v2004-20231215-en
behavioral5: sample ImeHook.dll, resource win7-20231215-en
behavioral6: sample ImeHook.dll, resource win10v2004-20231215-en
behavioral7: sample ImeHook.dll, resource win7-20231215-en
behavioral8: sample ImeHook.dll, resource win10v2004-20231215-en
behavioral9: sample dnf_sync.dll, resource win7-20231129-en
behavioral10: sample dnf_sync.dll, resource win10v2004-20231215-en
behavioral11: sample temp7891.dll, resource win7-20231215-en
behavioral12: sample temp7891.dll, resource win10v2004-20231215-en
General
Target: ImeHook.dll
Size: 17KB
MD5: 927e34571447f7fd8a0722825065afc9
SHA1: 9cf382cf0bf6330d10e391ac32172fc3be172e7d
SHA256: 2e985d65f32d3918107a7b253aee42e211ae602b83689beb75cf771a89e07736
SHA512: 9340b54f02ad7bd21b531036e99397a3300db7b9c7eadd29630298efaf906a99a4d63a93ba5a6919316bf4b86480b2291ae77e8249fc7b57e0a3c97023fffa92
SSDEEP: 384:Vj0DebCk4b2igrcf18zlJmoGuO8Irq2lwmOLLvYiDsssjVnx:ubkfiqJm4h2lwfL7svx
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 2992 wrote to memory of 3012  2992  rundll32.exe  16
PID 2992 wrote to memory of 3012  2992  rundll32.exe  16
PID 2992 wrote to memory of 3012  2992  rundll32.exe  16
PID 2992 wrote to memory of 3012  2992  rundll32.exe  16
PID 2992 wrote to memory of 3012  2992  rundll32.exe  16
PID 2992 wrote to memory of 3012  2992  rundll32.exe  16
PID 2992 wrote to memory of 3012  2992  rundll32.exe  16