Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
Static task (static): score 10
Behavioral task: 750a542541...00.exe on windows7-x64: score 3
Behavioral task: 750a542541...00.exe on windows10-2004-x64: score 3
Behavioral task: $PLUGINSDI...er.dll on windows7-x64: score 10
Behavioral task: $PLUGINSDI...er.dll on windows10-2004-x64: score 3
Behavioral task: $PLUGINSDI...ns.dll on windows7-x64: score 10
Behavioral task: $PLUGINSDI...ns.dll on windows10-2004-x64: score 3
Behavioral task: $PLUGINSDI...er.dll on windows7-x64: score 10
Behavioral task: $PLUGINSDI...er.dll on windows10-2004-x64: score 3
Behavioral task: $PLUGINSDI...em.dll on windows7-x64: score 10
Behavioral task: $PLUGINSDI...em.dll on windows10-2004-x64: score 3
Behavioral task: $PLUGINSDI...gs.dll on windows7-x64
Behavioral task: $PLUGINSDI...gs.dll on windows10-2004-x64: score 3
Analysis (score 10)
max time kernel: 141s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/01/2024, 17:03
Static task static1
Behavioral task behavioral1: 750a5425419f42ad6779adecb70c8d00.exe (resource win7-20231129-en)
Behavioral task behavioral2: 750a5425419f42ad6779adecb70c8d00.exe (resource win10v2004-20231215-en)
Behavioral task behavioral3: $PLUGINSDIR/ButtonLinker.dll (resource win7-20231215-en)
Behavioral task behavioral4: $PLUGINSDIR/ButtonLinker.dll (resource win10v2004-20231215-en)
Behavioral task behavioral5: $PLUGINSDIR/InstallOptions.dll (resource win7-20231215-en)
Behavioral task behavioral6: $PLUGINSDIR/InstallOptions.dll (resource win10v2004-20231215-en)
Behavioral task behavioral7: $PLUGINSDIR/QvodInstaller.dll (resource win7-20231215-en)
Behavioral task behavioral8: $PLUGINSDIR/QvodInstaller.dll (resource win10v2004-20231215-en)
Behavioral task behavioral9: $PLUGINSDIR/System.dll (resource win7-20231215-en)
Behavioral task behavioral10: $PLUGINSDIR/System.dll (resource win10v2004-20231215-en)
Behavioral task behavioral11: $PLUGINSDIR/nsDialogs.dll (resource win7-20231215-en)
General
Target: $PLUGINSDIR/QvodInstaller.dll
Size: 253KB
MD5: 7b619c99f2a6b1d661d9d860f2e3a3e8
SHA1: 3d23eb82f64f9efd73ecd3885e6bf2db432ef326
SHA256: bb0d558fde429a9710109366b04e2bf7ea74d90d80f37323d857358e6c79c866
SHA512: 79a221867e49f5bc1d0d7d10d7357d74e76b852bf609f72ee820722ac409d8c86f69526cdfb4e578d394818762f59fc4ca070ef5cef018b2ec65f9070f2cee97
SSDEEP: 3072:/mM9bZmPixPEIT1S9+nsNGR5Ks4G3DUaIqq/to/WOTBf2xTHUNjsOP5KxtEWgGvK:/3APidsmKtG3IxOTB6T0NO/S
Malware Config
Signatures

Program crash (1 IoCs)
pid   pid_target   Process        procid_target
1356  1560         WerFault.exe   85

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process        procid_target
PID 988 wrote to memory of 1560   988   rundll32.exe   85
PID 988 wrote to memory of 1560   988   rundll32.exe   85
PID 988 wrote to memory of 1560   988   rundll32.exe   85
Processes

C:\Windows\system32\rundll32.exe (PID 988)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\QvodInstaller.dll,#1
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (PID 1560)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\QvodInstaller.dll,#1
        C:\Windows\SysWOW64\WerFault.exe (PID 1356)
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 672
          - Program crash

C:\Windows\SysWOW64\WerFault.exe (PID 4924)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1560 -ip 1560