Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

8d15413f57...53.dll

windows7-x64

8

8d15413f57...53.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2024, 18:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8d15413f5735e60f713fde948344c453.dll

  • Size

    201KB

  • MD5

    8d15413f5735e60f713fde948344c453

  • SHA1

    e5f5d0e68dba35b28856336333be1ef20c5d98be

  • SHA256

    30a32baba290c0515d3c98b33880e78c56a0ffd018013dcba1b92bea2d7e7921

  • SHA512

    2e27ce060e2cadcab22355e3b83456dcb03b567c168addb8ecbf5008dadddb9482810156bc12fe36c168666670777280b55316f77f8012a153214e7c7d21327a

  • SSDEEP

    6144:hj+HytMv9Ki7fItnMjnLJJyuysnRo9sApoS:p9evIirMnM80C1poS

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2732 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2280
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2732
  • C:\Windows\system32\ctfmon.exe
    ctfmon.exe
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:3048
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2712
  • C:\Windows\SysWOW64\notepad.exe
    notepad.exe
    1⤵
    • Modifies Internet Explorer Protected Mode
    • Modifies Internet Explorer Protected Mode Banner
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    PID:2456
  • C:\Windows\SysWOW64\explorer.exe
    explorer.exe
    1⤵
      PID:2352
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d15413f5735e60f713fde948344c453.dll,#1
      1⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2364
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        2⤵
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:524
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d15413f5735e60f713fde948344c453.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2416

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d96601c2042e1c441f441794673f8bd0

      SHA1

      f9e701beddceb50512463d2c3ef143358b8a35a7

      SHA256

      23351460890253614bee59e7431900de5c1b51c7fcef97389b7525c8bdc3f828

      SHA512

      fe8034a41f0e2ed11de69ed54b346bebf17605627fa96a28d9692d611150c2a60253daa61d054a1f39de137f5faaf96b4843f07bddf60dd41a7ca7113d77a239

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc8df36ff6808983150b5e2cec9c3ac2

      SHA1

      61636b6e768a9da79c40758cc95cfe769ac1f3d6

      SHA256

      44f6b1ec2e9d95365e96708ca64dea9b740989af0b7ceccd062779630dbbde0f

      SHA512

      b19e69463d38d8c41ed08047dd6a03b24fd57f6bfeae826804da37b2625d133e71a554fdffd684face9366f77256fa176a5285f8a391261e9b26230ce004b716

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ac6011167e42595e7e59b4556f19ad30

      SHA1

      6a6faa4758e6ae61752a52cd57a912b070ffe2e1

      SHA256

      b7567333bf1a8ae3149f15e6aaccf32f01b1aba9799508f7b5e22004707a1565

      SHA512

      e652e75c59d3ba140b6224c90ebeafa9e83a698257a637e2df9a069905e8961a299488359ed2110255eaedc04f618acd4990bc4f7bb36435c27194f5203e5fb0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      10d11fd3bdb2449f3c517be373035d83

      SHA1

      aa6feec734475e287b93e4c8dc670fcbc3ea60cd

      SHA256

      42d5a5e4c569e28f57efb0bc67eaf7f0af3d69a11ca9b2e787ac8b7440588b84

      SHA512

      8f3185a20ec445efefb5feb9595dbfa066c82dfa34d581942d0328cac04cb30aad86a2367917fc0d239fc0ef14ad3ef53cae378eac65f931325d4c7a21608c6e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8a5fe9dac2ba2bbcc941b15e7a92c8e0

      SHA1

      d3829ee0a018838a8d304f84fb546a8abbaf86e8

      SHA256

      d879d688c0278b553dfd8ecde8bfe5dbdfc1f8d592b34c27db6e5543f48cd57c

      SHA512

      89302c904cb5661fa98df56ad41feced8567f5739a752844485972a6a8e6a7f5d6ff2d742b9e8c77324e6c1d199a1a2e9fd9b15541115f93258f1b3196fb7439

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d875940d3fcc22813b8dc65e5f767500

      SHA1

      d1d4b5cbb6a3c082bf529b72091b90c2ccccf155

      SHA256

      b074d4c0a65119c301457c97e4c775c1271c6f9425ddf544989e57f02ec612a0

      SHA512

      6482681f3a7109b695b9956b77ce0611cf3260cbfb8cbc9db319b4954d9043f3178d08c4f43cacc957d6191c2b0daf9191de3876942353a0d06b207dcd058f25

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      921cdfe059cafb0d70b7b4307dc5cfe6

      SHA1

      444915b2557c12791118ca0f1c5455077a05ea6b

      SHA256

      034d14bdae18024bab3566ba8d057a883e43f5ecc90abf6ec355897828b81b9e

      SHA512

      ec3eaf279ca0e2ffd7f39eedab2f55c4c39be899eaf31468ac939705d783269bdd04c41b3f151444f708632370a75e0536244b061f9226eff366e1d214363b47

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      11971a275d9b947f5e6c73533a7b6743

      SHA1

      09c38c03ffd305efe0192333dd81c5b224208000

      SHA256

      9e11f6d88b55bab723d3df2568cad137d374402e76e90f2b53804ffc4521f454

      SHA512

      51346fa7040acd952146ca2e4a8a00b7e1b7a1cfc6163a1fe5876843f7176b63c45da324d8f2bd145859e816f0dc678f657cc0a68848d4d9949854b3090a1709

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      351596c589da96f65c348ecf8060c9a8

      SHA1

      ddaa973720071ce8a724a1f0ae5963919f67a1a8

      SHA256

      a4de9af6eead3edd87003be4e2c957789eeb74d40bd7f8c952b53bec36716d8d

      SHA512

      280b3519907bf0f770df03635e72408c057000f625c8becb7d0a8bdcf9c606a149bbd339b81c5fa14dc930964112ff3288bda5c9753ccd31ff873ab428f98a98

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      264f4f2cdf54a5006b19227cdcf87649

      SHA1

      57b82da5d96660286ff81a124a016d64d9b49f4f

      SHA256

      9a45c7a5fa53b84b42b125691d968d643651bf18d0308e4cf772219035925809

      SHA512

      0c923cfea3f73a8a1e91b2473fe7f39ff8c808e096f8922782691fe821ee439750c05acb9b6b80fef1d29313006195b61f57e3bf2b68b034e57f51eb3b1980c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      338939461cc959a45599f3b0bfadf89b

      SHA1

      23497811282bb0d3732e62fd1c87cec1e14d17bc

      SHA256

      d093078e88a04c55ad1690d8a91c5a83ae1bd85c5f230b068b3cf31c3fb0cc1f

      SHA512

      0ef4b8323ed5af9a41f77d50d787c40933bece5e355d2bd59205c076ca7cca452bac1de631f74cba89c6ffb693d9a466202bf84a7945c5e165eed9102b9cc510

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      39994b61bf0931c76853d443d1f01917

      SHA1

      02f3bfa2b9e8937bb2564736e121a85e40b93f61

      SHA256

      f5917d8ccb61eaf446fc88008bdc6a3a3dcb02b3111d22ea3035c2b2f1d535b6

      SHA512

      5b17d69f7a5c6ef5943a835bf744a06a4331b93e47ea80e4c1265fd70cf2eb025ddcb8dcbfd91c66775ab65a0f36882194ce882d5fa81084484937dbceeeddfd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7f71f8ca3103546d8f813e3294f62a29

      SHA1

      9fc73b24d1bff1d2005f1e23d5523551417359d3

      SHA256

      704c1fb9bbc958eb5ae0bdab99b7b605bf015ce6d6b3474d3680ca01d1938d5b

      SHA512

      11452d7f69ddf7c77832f6d6ef331f50d6723d91745b031fb28875189137f3f9ad93ee09e1ffa0556473e3ae63fe16f76d6e44eb58995c3a5293b12488bd2c0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dd88b07e5d2c0083a86e7323d868e485

      SHA1

      affbc0b3fe9564289a9b51f50ac64c2ad08910b6

      SHA256

      96ecae0c15524a1eae4aa567cbe8336cebd9323743da7425bdfb673a591db6ee

      SHA512

      49dc3cadb7445957d2982b078a305854e3f6ed0d86520a9af3ed9ab334a477640e03902dd047fd1860f29adfdf7809ac85016a2f9b3d6b1d814d15632f4b7a5a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2713c86d821e6c95585bd67410a6986b

      SHA1

      ba988806f302df24a20bd17a588c4de9ed920504

      SHA256

      8d374a14f94d8c8a51b8b8dfc0f4b9c4e00ce818d5c6fef5ee06806090971bba

      SHA512

      52de46cb0422b610d8be1a2723b790924fc491aa7be62735ff68a9844320cd1fa87e9723857c32e384dda055bcacabcb78a09abde7bd6ef4c609f39c48ae660c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d5ba6383b95b87391b15e4965b0008bc

      SHA1

      70819547f485222df93244b6ee9c2ada2d83de86

      SHA256

      38bfe79abf22a0d41363c40f7f8d899537216771882d332bcff7925320af01e4

      SHA512

      78e9fb80804fd153d9d5e183bd225189abf1edaa864b893da5806555c3056263c261f8ed0121f718ee2a29abb867b48ec74d70a466a5eceb7cf97e293ea5b3d6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a047f06016009b5e46e9a12e4c42af34

      SHA1

      9afe5844ddb88de37e18aa61b958a8af77872301

      SHA256

      2b354937c034b440fd00d0bd0283e3afde0f1698839d1f97e3cc3cb763e86a1d

      SHA512

      6107de3769e51a4f99cb8d468a026285b2b003a3c71cc7d7165442fddf8ea0ccb9fd68a0459002ad6dca6f5db64906fd7e4ad1ad823cf4a230ba8d5672924454

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      686443c8f0a3e38c453f37cb14cefc63

      SHA1

      64c02648cf8bc43f7bdd9eab9247a462fc712344

      SHA256

      e7cdc30bb356e3f30e02ee6c752ee2afdf25f8f39416f708b94e72bdc839cd82

      SHA512

      df3029d5e6b4e24a9f5703ff29112a15051e4f38ad539e74c4093c9f4397c953339a8f56025584a5f7f97246a38d84e06ae1946d046c866a6bdc93c94b549dea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cfd5ff29bfd45e27ca744ecd5fdd46fc

      SHA1

      a13344c78f4efa425f7ae9a78e22e8a1f715d88d

      SHA256

      3a5ab9c06ad5e61d248de32225b446143e5638df0b319367c454768a33a3d705

      SHA512

      231e1558d964186dddff8a7ddfcae2cdc1dfbcb4eed9de749947dfa5a7d0a953e5d2d8d420c976de27b7ef98630013d835a36a2722b2d34fbc14b008ef910bcb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f0f001da6aed59f9f3b88535796c663e

      SHA1

      a38a9fd3626f114b97a8578757eeca57b76542fd

      SHA256

      147ae33afc138af7c061e5afdd686d9ffcb7cc0472072ec9330ee39b5d932011

      SHA512

      ac56d42d5e4e5d45c28b2bed6725e38e32154f0feaa14765e98f73819125a3e7d0903b1b9d7f2f8e0755e72c565d47f507bb0385b1eff40ec0197fe700faec7d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d23f23037744fccf4d49fa2df8b1ef57

      SHA1

      ff7cb8adc9e0d50e51c887d1f16565b65ca689a7

      SHA256

      9362a63f57a5a2875ab01980fad3498eb87b8e3a5bf1d09de598b83b8f42351e

      SHA512

      b90041f4272e99234a1da44868d81de5623311ed3f2c97ffea2e8d8ae980d4d9977aa693e6c5a9c30a24ea55e2257821b42a26f1a04d3abd442eba7025bacf24

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      49ddf474ff7732eb97d5dae8c767375b

      SHA1

      c6c2ec47ca683f040e8f516dcb44566991285410

      SHA256

      dd40aee179fee1f7174e6445cc0a1dbc11d564a3ea66327ae614714dbf71d246

      SHA512

      e755fd334b4ccba3ab9275233e04ab28eb51e53774388fc29de519b11049184224a144328c1bbd6741ffb74ecbce070ee236a62799de4b5871fa6e620fb4cbd9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ae47fa772cbdbf25766ae754cb62c2ac

      SHA1

      79f96d364f0646eb29347d318cd906a1248aade8

      SHA256

      1883206ad420e22888c6bd979cd9b8d5f8e39fcf6f375216d5c2417bcb1dcdeb

      SHA512

      a00e335949b9ca0678a30cb9a5b154de4777eae0bb2595598348c6feb97a607f3f87f00ecdd558528f98159d20eb71150debf4a6d364849ed2d99904985cd496

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1893.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar18F3.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/524-15-0x0000000000510000-0x000000000057A000-memory.dmp

      Filesize

      424KB

      Download

    • memory/524-14-0x0000000000510000-0x000000000057A000-memory.dmp

      Filesize

      424KB

      Download

    • memory/524-17-0x0000000000510000-0x000000000057A000-memory.dmp

      Filesize

      424KB

      Download

    • memory/2364-0-0x0000000000240000-0x00000000002AA000-memory.dmp

      Filesize

      424KB

      Download

    • memory/2364-3-0x0000000000240000-0x00000000002AA000-memory.dmp

      Filesize

      424KB

      Download

    • memory/2364-2-0x0000000000120000-0x0000000000134000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2364-1-0x0000000000240000-0x00000000002AA000-memory.dmp

      Filesize

      424KB

      Download

    • memory/2456-10-0x0000000002AF0000-0x0000000002B5A000-memory.dmp

      Filesize

      424KB

      Download

    • memory/2456-11-0x0000000000280000-0x0000000000282000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2456-9-0x0000000002AF0000-0x0000000002B5A000-memory.dmp

      Filesize

      424KB

      Download

    • memory/2456-16-0x0000000002AF0000-0x0000000002B5A000-memory.dmp

      Filesize

      424KB

      Download

    • memory/2456-7-0x00000000001F0000-0x00000000001F1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2712-5-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2712-6-0x0000000003A40000-0x0000000003A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2712-18-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download