Analysis

  • max time kernel
    142s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/02/2024, 16:04

General

  • Target

    VirusShare_64f26f341dc59ee8c340fcae3ed2b4d5.dll

  • Size

    2.1MB

  • MD5

    64f26f341dc59ee8c340fcae3ed2b4d5

  • SHA1

    5bf2a4d34959007c1d7d85b45f8a2c5801636cb6

  • SHA256

    4fb409b42ecc1d03c557e804df5aba0ba721fc885e8b3e5b7032a2551275d4e0

  • SHA512

    b54bafc839e722e79e213d4babc303b9b123dfa78a7f622864058a2e0f58cc81b360db22eea67ba843397599a43b630218543d758dd2afbf070f96453eef579e

  • SSDEEP

    3072:da/fT8nSPDyBL4ORnMAhr1yw649iS3BAarBQ/sVsVuSOUwQka/:WT8nftDD/i+Aa1csmYSNp

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3508
      • C:\Windows\system32\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_64f26f341dc59ee8c340fcae3ed2b4d5.dll,#1
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:404
        • C:\Windows\SysWOW64\rundll32.exe
          rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_64f26f341dc59ee8c340fcae3ed2b4d5.dll,#1
          3⤵
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3444

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\PROGRA~3\lldiwocpol.dat

    Filesize

    15.7MB

    MD5

    bf4725fc0faf4278108fce2696ec1553

    SHA1

    2b53df9d9b9588a30b1dd98b695ea6b8d6fce44a

    SHA256

    dfc6d0bae02219f566a502b392fc20a36548ebdc72440a5235eb36f8f8786dee

    SHA512

    663e6c0e782aa0fb6fbd3af6ee228fe708e42a513ee774b7ea9a6039742f84980d73cdef053a8994d9821d9131fd488ab3e357d258daee144fc048928f927fb3

  • C:\PROGRA~3\lopcowidll.dat

    Filesize

    3.3MB

    MD5

    0470da26136b28512691a43f97403a78

    SHA1

    6d6c920a23e7b181279f6c1379d30f2690d1b52d

    SHA256

    f56da63de2199596273de7660844849abbad125ba0bc09e024b1512279b3e9bd

    SHA512

    05ac28ff66b398311920aea7111cecf7972e414ffe7b7d512996daa7cd3b2281854a235ac3592b2f65fde7227a8a08973c81006799c6bd98c11eb32ce7603044

  • memory/3444-0-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

  • memory/3444-1-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

  • memory/3444-2-0x0000000000AF0000-0x0000000000B3F000-memory.dmp

    Filesize

    316KB

  • memory/3444-3-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

  • memory/3444-17-0x0000000000400000-0x000000000044F000-memory.dmp

    Filesize

    316KB

  • memory/3444-19-0x0000000000AF0000-0x0000000000B3F000-memory.dmp

    Filesize

    316KB