Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

VirusShare...8c.dll

windows7-x64

7

VirusShare...8c.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 21:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_0c171a59a3dfc56f1dae15aabeec478c.dll

  • Size

    230KB

  • MD5

    0c171a59a3dfc56f1dae15aabeec478c

  • SHA1

    11ad2d2cd18443e8ba4615c2c745169f8693fa7a

  • SHA256

    7ae4acc4e32eca89deacde3130020d8b4d9d6d59c5278bfea9a959d6667d179a

  • SHA512

    a8da715a2404c7d422c4763d99e21c020b5a73e1cc1c7d6c7776727dd7e8b133dbb2a42c129350fe4e21d7c075c4185f52fbd2bb5c286b269b0ee520b27b02f6

  • SSDEEP

    3072:CPsLPg3ljGfjnUHiuc3WIJp4JI/4m/+65KXwsKf7GxnD:CUojGbiiVoI/2kKXwshD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 5 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 9 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_0c171a59a3dfc56f1dae15aabeec478c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1836
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_0c171a59a3dfc56f1dae15aabeec478c.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2528
      • C:\PROGRA~3\lsass.exe
        C:\PROGRA~3\lsass.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_0c171a59a3dfc56f1dae15aabeec478c.dll,GOF1
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2036
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe"
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2576
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2752
          • C:\Windows\system32\ctfmon.exe
            ctfmon.exe
            5⤵
              PID:2564

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\PROGRA~3\c874ceebaa51ead1f65cfd3a95a171c0_erahSsuriV.pad
      Filesize

      79.2MB

      MD5

      0faae9a8d139d1b160ed1435133140bd

      SHA1

      671e808a6f013474f483b45e98f19222f57f38b7

      SHA256

      288f31f43415d70d7fa827c3676c6ab6529598df990ad56af26ed8339b8d7096

      SHA512

      693d6dc32b3857d3503329f20fbc763193ece13ce619a1e4d6e8571e58e5dd32ee2cec1ac297c38a82f7c3c6147ec78bf399fd7e6b7272d56f13177121f86e32

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ddf0024237f2b120b12057c9899d7025

      SHA1

      d08387baa861cb6cbe0d9b019e808ca648173c87

      SHA256

      94dcda31b9c80399a842294450e9cac96934decfbe721f6a6cabafb0d9c4931f

      SHA512

      68334416008854e62ea0fd89582bd57db1023cf7f7739c179a5883057f08b7d9a234d626ff82aa63de733bb6bb2fbb2e4ae46fe5896d96c86bd1cf137ee50e40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6c6bf34d6bf0001c82529ca71dfbf806

      SHA1

      fc40a80c257d520ab218dc547f9c7b75ed550950

      SHA256

      8f4dbd7c94c2e63ea4dbec4f60b4f85eb01643ed1cae40c13788329d7407ff9c

      SHA512

      ef3b1a3522a668641e119572df33a9bc652de0db4f6a7d9e5edc1c63c1a7a80141f683065a5950d8ae97517ef7d6d51eec0f4648c30bc12a6edcdf4e5762297c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      26ac744f23d6686c3886834ff288df97

      SHA1

      36121254dded14d49232b2f73b49b31e2c9b03b7

      SHA256

      c790fde69d8afea9b74f27fee1b35d2b6658c48f69f99e453474ee64fc3ca9fd

      SHA512

      fa0dc29590a4e5009ec7235d28cd8ad948ff8b70a1e4c6a2b7a83bf0122486e595d9217513e4d083cbbaa41d1f37eef35d1b8401e074cb501e5a07ccca709e77

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e4f82f2fba4ffb72fce3a941995798c

      SHA1

      73ec586cae3ab0c2ecc9782213786f82a3969f06

      SHA256

      415f7c98ff69c2d9045d3aa8787acd2660e3db012474643c2cdda87722747321

      SHA512

      7335d815b1e71f23ec21b15d1e9c030dfb801beed82042282b94fa9d3f713155b772d8458103bac7fc7dc6ed105b2f153fe7ab9b26d1fd4b6a3d3ade17621189

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d7889f4c746f329fdd27849182da2b78

      SHA1

      a8dcc8e1e893d3855cd0d23229be985da51939de

      SHA256

      fab7739fdfa4468211cd517d0bb7892fffdf4901e40e5d6da273e5a0586d1135

      SHA512

      86d56c017d4d0b8bc9742d106bc162de07e5049b119b94ce0cec11a9cf57297db4242a4075fbad41d44e8b2943cf4b4398c7854a9bfed6ccf30b2031ff821e3f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      87ef1e765f421638df049cc6e7d01495

      SHA1

      b1471a82b306895757fc64598b34992c86b986fc

      SHA256

      cde3e01df61812ef42da6f16ba655eba3a294ced0001b4531e337e650b2c3a7f

      SHA512

      e37bfd6018c0878cab2e3e895e02b3e7d3dede5fd529354e57475f8570c9061f05d5c4ad6619d54e3cc3f803dd5a4ab1ad7474d5eaa288c56c1619f7254ada0b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0e744ed28c79e57500a5581040f52afb

      SHA1

      33617c3ebd79049763f37c1eabd21e4dddc8af55

      SHA256

      768bdba95feeba263b736f54dafa4faa554afc9fc614be1de36cad89369788f4

      SHA512

      aa76f6ee9f8b6c00f33d8c6cdba84aedd2ccebc4dffe3742b3b72fd23e1113942b5b214d1502dc246ebc5a6f00a024482013341661a1942a48849477456f7b77

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a7e94b666a31f08a836e64506b33d82a

      SHA1

      7de6399a20eb908efd60c633f0c6f8e94c2f0bd8

      SHA256

      6510026fdbc05e303659f83e979a48ccf9a05b1f3cf4d656e14474fe47a29add

      SHA512

      2126393669494eebab227721f4075e3be5bcc246aceccb037d358f4e0fa07db3bbb708dd47613aad66fe9f807979e2db309862bbd01913bad71d55cd0db94766

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a8110deb6de89cce53b8085d072e1785

      SHA1

      94868316f1ab9715625f0f66fc4f1f3544846b1e

      SHA256

      407a0f8a097b889e1bde78f03ac53787b6d48160ad13d5da159ea6fd31c2a281

      SHA512

      ba54e43562bbb20267b8755b2af613d9230fb96a803564e0f8fd161bd0235ac9068c717ff30f093389e87c92d1b7421b4a4eccbc0b6e579a4ed93bad07386116

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b85f4d2c6d2a0a222fda0ee0312db3d9

      SHA1

      c116d8a2f779518ea8f3c908a0fab6b3cdc71401

      SHA256

      9a65f83d6d950f910acb5c23c212bbacd436a122f4600f8cd963679f36708944

      SHA512

      fa3b2ef066fbcee21602720b146356889995ba46f4fd03b1741775e00c9b549c1960555ef4b219266d4ad60426f4ca5601d5d4eb6d444f950365556ddcbe38fc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9a76679c1afafd55f4aee748ca877496

      SHA1

      be256f2fc5865c81a7deead5648a7fdedc60d3ed

      SHA256

      176ba3410ec9d4d859bdb84e9e6f44400b36b629b9513fff9aea44525fb73761

      SHA512

      b748a65edc5bb4db7e797388d332ab2c382b7dc708a0d2e9a35868ee522f6d76ecbde2ef3e72ad0ec8301c509e31919a4be8c3db7e5ac513a258a485fc95ea5c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7d376252556d693d1e7d04b2bf7e19ee

      SHA1

      2403cf5d18e967cf02eaf9bd711eededf727cf70

      SHA256

      ea4c3f15e932525452fe9e29e6890c2aacaa8329575e770a7b9749d18aeb0e10

      SHA512

      7d754886979f074f78d3ea7b8cf0706f9ec5d5ade6525d9831acfa1cfc2ecff2db862f7b38ca2b49e87210590eb69a47e1adc053a1dcc14a218a025b45c0763b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      83806ffbbceadd1e656ba9a4454863cb

      SHA1

      65ca6c0f1f3a3e2064e8a38c328e708c8eec9148

      SHA256

      c337e443d0180bfa357304e0b0612872171ccf885cacad36acfa048981836556

      SHA512

      9ddaf94da95f6e3825e97b8a9f811008fc67ead28e3eabc734509428a6d2c59603eee224038d400a959b2e7b4770db96e14a69706314ff8235249940e85be80c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fe27862e3743ea761782830c7dd2ba16

      SHA1

      9cf293359c95e5ac3258ba7b8f13f6a204f73031

      SHA256

      9ad8306f949476a6cf2d4aec5655f2686e47a611cad7a74965885b920d094f11

      SHA512

      7154961282b41816f8a879e650e6a5e2f040bb8b62a38e761b24663595fd4f984a55fae3940352c9fc2030b114f1273a07f9c4c7be680964a6ea8a13a140a163

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      46d5e6cb6f3981f3dc18c13c5b314a2c

      SHA1

      e872ac3cf2e895bc88e61d6c79eae888612582a9

      SHA256

      94f13e42ffbc98dd7523e837b249ba72abf9737eaf24361ac0535664e47f07d8

      SHA512

      5cd2bebb57cff0f9789810c25fd04613e4e43bcd574093de5534afd87c3bc1394fed241190d38b58fd6bd29b4539ed02dbd45c1b7c547a641ddb4ba7708cf39a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      974dc18b24e4f56faabf85905eb9089d

      SHA1

      d25924e83e5400c5fc75c52a642c98f50fb18c84

      SHA256

      33157935490704eea25a07939cfbc409c9cddd62cd4966888061a27843645e9e

      SHA512

      b68e89d588bcc79c87e5fd2d46ef186ee2f3611f8855eda4bdd24c90344cacd3706adb6573e80b7dc86f523488584b9195fc93cbe8859bc4278067dad0fea20f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      72734d1681a24aa80ead68aa941ec37f

      SHA1

      291f4429fc65177cf7f944ac75747b124db064f9

      SHA256

      818491c26f064abc97a2e3abae75d406d41424d6053e50d8620d2ed2789bed14

      SHA512

      057b34b2b520f67c7bf4931e12823a702bc9f923d8119d38e8b23aea029c506359383d2231ee946e7405defa41a570c2f06de1176349f30af500aed6aa906f40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6732f253dc5143cdb88265fbdefd8693

      SHA1

      0c21246836bfca1a422bd72d16a82eff81ebe4b3

      SHA256

      15dc93eb186d61e481345f4420b92a563f5613a64ff461f5573354918a7c20b0

      SHA512

      343454ba36c24821708b11f52424d1be75a427f4ccdb60d7124eb3c69e35007357bbd0aff45e56f979bfc5f261fc64bc0eb803229a6667aa19a3983bf156eebd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7D4E.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7E2B.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • \PROGRA~3\lsass.exe
      Filesize

      43KB

      MD5

      51138beea3e2c21ec44d0932c71762a8

      SHA1

      8939cf35447b22dd2c6e6f443446acc1bf986d58

      SHA256

      5ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124

      SHA512

      794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d

      Download Submit

    • memory/2036-15-0x0000000000240000-0x0000000000262000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2036-26-0x0000000000240000-0x0000000000262000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2036-27-0x0000000000240000-0x0000000000262000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2036-490-0x0000000000240000-0x0000000000262000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2036-14-0x00000000001C0000-0x00000000001E2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2036-12-0x0000000010000000-0x000000001003D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2528-18-0x0000000000710000-0x0000000000732000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2528-9-0x0000000000710000-0x0000000000732000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2528-20-0x0000000000710000-0x0000000000732000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2528-7-0x0000000000670000-0x0000000000692000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2528-16-0x0000000000710000-0x0000000000732000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2528-0-0x0000000010000000-0x000000001003D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2528-4-0x0000000000710000-0x0000000000732000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2528-21-0x0000000000710000-0x0000000000732000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2528-3-0x0000000010000000-0x000000001003D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/2528-1-0x0000000010000000-0x000000001003D000-memory.dmp

      Filesize

      244KB

      Download