Overview
Task  Platform  Score
overview  -  7
static  -  7
DNFMulti.exe  windows7-x64  1
DNFMulti.exe  windows10-2004-x64  1
DNF双开....exe  windows7-x64  1
DNF双开....exe  windows10-2004-x64  1
ImeHook.dll  windows7-x64  1
ImeHook.dll  windows10-2004-x64  3
ImeHook.dll  windows7-x64  1
ImeHook.dll  windows10-2004-x64  1
dnf_sync.dll  windows7-x64  1
dnf_sync.dll  windows10-2004-x64  1
temp7891.dll  windows7-x64  7
temp7891.dll  windows10-2004-x64  7
Analysis
max time kernel: 122s
max time network: 124s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 13:00
Behavioral task  Sample  Resource
behavioral1  DNFMulti.exe  win7-20231215-en
behavioral2  DNFMulti.exe  win10v2004-20231215-en
behavioral3  DNF双开同步免费版.exe  win7-20231215-en
behavioral4  DNF双开同步免费版.exe  win10v2004-20231215-en
behavioral5  ImeHook.dll  win7-20231215-en
behavioral6  ImeHook.dll  win10v2004-20231215-en
behavioral7  ImeHook.dll  win7-20231215-en
behavioral8  ImeHook.dll  win10v2004-20231215-en
behavioral9  dnf_sync.dll  win7-20231129-en
behavioral10  dnf_sync.dll  win10v2004-20231215-en
behavioral11  temp7891.dll  win7-20231215-en
behavioral12  temp7891.dll  win10v2004-20231215-en
General
Target: dnf_sync.dll
Size: 233KB
MD5: 78d364e60475c71f2ab69386c20d1bdf
SHA1: e05de572be0014f51437722922a59a45b99dad5a
SHA256: e550d88a95607f490df63e85cf2a3376ccea25ca78eb4f2cc17079414476ec6a
SHA512: efa45412360d9ee66e37955944569ffaec6e1013c92d7a245e822c42776b77834358be3c2ed5969eaa69c11cabafd231cea79e253a6a163a77669f0e87ff72aa
SSDEEP: 3072:88ZPTYADIJgUWZd30BI56vhG4brlQG6Itg9:/PTYADIJ3WZd30eIvhG4b8
Malware Config
Signatures
Suspicious use of SetWindowsHookEx: 1 IoCs
pid  Process
2280  rundll32.exe
Suspicious use of WriteProcessMemory: 7 IoCs
description  pid  Process  procid_target
PID 2088 wrote to memory of 2280  2088  rundll32.exe  16
PID 2088 wrote to memory of 2280  2088  rundll32.exe  16
PID 2088 wrote to memory of 2280  2088  rundll32.exe  16
PID 2088 wrote to memory of 2280  2088  rundll32.exe  16
PID 2088 wrote to memory of 2280  2088  rundll32.exe  16
PID 2088 wrote to memory of 2280  2088  rundll32.exe  16
PID 2088 wrote to memory of 2280  2088  rundll32.exe  16
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dnf_sync.dll,#11
- Suspicious use of WriteProcessMemory
PID:2088
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dnf_sync.dll,#12
- Suspicious use of SetWindowsHookEx
PID:2280