Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    151s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/02/2024, 16:12

General

  • Target

    VirusShare_849c748f9a37d4125779f6b31435d220.dll

  • Size

    156KB

  • MD5

    849c748f9a37d4125779f6b31435d220

  • SHA1

    ab26f79f3726b2a066f73f2711d8362486ff93ce

  • SHA256

    a7d1e0426d5ec9205c571cbafa558475f0a8fb701500a1353fd8fd5ad5a91c89

  • SHA512

    131d7c664211b581d061005ad6686e4dd2191727ced66b371dbc34895f2f426bc57d93c97da2ed39bd47b00154c96827d7d4868001a62e7f1027d0aea621468c

  • SSDEEP

    3072:NLkD7BY9kS2O0to3IzwtVgHtWt8PgIJY7Ctp:NLS7BCk1tWIiV0Wq3JY7C

Score
9/10
upx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 11 IoCs
  • Blocklisted process makes network request 3 IoCs
  • Loads dropped DLL 1 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_849c748f9a37d4125779f6b31435d220.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4432
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_849c748f9a37d4125779f6b31435d220.dll,#1
      2⤵
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2400
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\system32\rundll32.exe C:\PROGRA~3\18t7g16j.cpp,XXS1
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        • Drops file in Program Files directory
        PID:4744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\18t7g16j.cpp

    Filesize

    156KB

    MD5

    849c748f9a37d4125779f6b31435d220

    SHA1

    ab26f79f3726b2a066f73f2711d8362486ff93ce

    SHA256

    a7d1e0426d5ec9205c571cbafa558475f0a8fb701500a1353fd8fd5ad5a91c89

    SHA512

    131d7c664211b581d061005ad6686e4dd2191727ced66b371dbc34895f2f426bc57d93c97da2ed39bd47b00154c96827d7d4868001a62e7f1027d0aea621468c

  • C:\PROGRA~3\j61g7t81.fee

    Filesize

    90.6MB

    MD5

    5c71fe6debed22caf033932e729f4e2d

    SHA1

    851e007322f8f63cdfbe062c686c0f6cae175926

    SHA256

    af15c00cb1ebd8c5cfb4925d78fea1a2bc632f14b1cafd166271f8c23454ddc3

    SHA512

    33367fc939df13a3864b1a7ec85a457e9b3002c3946beff60dec0fb7c7707b0f7d034b9b443f81c2d8d3eaa3a06ad924fc272b1a006dbea8bc00993f4ecbb66e

  • memory/2400-17-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/2400-2-0x0000000000D50000-0x0000000000D51000-memory.dmp

    Filesize

    4KB

  • memory/2400-3-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/2400-4-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/2400-0-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/4744-11-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/4744-10-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/4744-23-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/4744-34-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/4744-51-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/4744-86-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB

  • memory/4744-230-0x000000000B000000-0x000000000B031000-memory.dmp

    Filesize

    196KB