Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

38ecc7d592...35.dll

windows7-x64

8

38ecc7d592...35.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    169s
  • max time network
    175s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 13:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    38ecc7d5925c74865593202c07ad7235.dll

  • Size

    634KB

  • MD5

    38ecc7d5925c74865593202c07ad7235

  • SHA1

    26bc0d81f8dcb7b9934bc9170c35e3dda5392861

  • SHA256

    5b8be73276a2447f9128724eb5563b34c7178a82b4e2e9bcfe56f60c87dc84d8

  • SHA512

    d954928453ab42610f7e33c383b7ac4421314f6c8baf8422673b882f8056559af8267816bc871e23ebf479f08dd96913089c5fd44129a61445ddea417662d679

  • SSDEEP

    12288:Ppt/90f0PsKJcH812JVrMa952t7FXGOFjTs3fsTq5lVDRdQ:z68POH8QJVr2djTq0eDFR

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ecc7d5925c74865593202c07ad7235.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4928
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\38ecc7d5925c74865593202c07ad7235.dll,#1
      2⤵
      • Drops file in Drivers directory
      • Sets service image path in registry
      • Suspicious use of WriteProcessMemory
      PID:4984
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s C:\Users\Admin\AppData\Local\Temp\D0FC.tmp
        3⤵
        • Loads dropped DLL
        PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D0FC.tmp
    Filesize

    71KB

    MD5

    ff62d9d6da30048dcee4eb1c6385c9fe

    SHA1

    b2d5e6a52378c30824a395077bb2c3be79c3fa73

    SHA256

    94f677280dda5223f6d1a3acaa2285a372e9f6e7aa46824cd8632dea25cde71c

    SHA512

    041845518c124fa0260abe1da11e7271908019030becf52896c3088739fb803530426df141c42f7238db77a77b1bbab9854c51198c0765f758c6976654b1f811

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\D0FC.tmp
    Filesize

    142KB

    MD5

    cd551aa397f7c7ca4e9014bfbb6e0b98

    SHA1

    03a3475328d770ab0ae76bddc0d908bc8b3003ed

    SHA256

    f8de72ef385066b5c9acd3758eba4f8177cdd33bd9c361424e24185de1f231f0

    SHA512

    3494469560617f6a30e40f6478063e47af9618681dd27bc6db5cbda8715eb12090ea1fd89e06791254ae14010d67cb1a46851d93df914addad2daef04c9fe2e2

    Download Submit

  • memory/2060-7-0x0000000002CC0000-0x0000000002D2B000-memory.dmp

    Filesize

    428KB

    Download

  • memory/2060-10-0x0000000010000000-0x000000001006A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/4984-0-0x0000000002BA0000-0x0000000002C34000-memory.dmp

    Filesize

    592KB

    Download

  • memory/4984-3-0x0000000010000000-0x0000000010093000-memory.dmp

    Filesize

    588KB

    Download

  • memory/4984-21-0x0000000002BA0000-0x0000000002C34000-memory.dmp

    Filesize

    592KB

    Download