Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

VirusShare...78.dll

windows7-x64

9

VirusShare...78.dll

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07/02/2024, 06:11 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_c4210a26cc355b64ed5734df960b2b78.dll

  • Size

    209KB

  • MD5

    c4210a26cc355b64ed5734df960b2b78

  • SHA1

    d0716e4ee39e2caefc5844b35143a4d7e38ae4ec

  • SHA256

    838d2f9aa24bb10a81b1d750e116c443100f2be1093fc138e31621fd5911c460

  • SHA512

    f000f29368d3c77c14c901573995b05b3b252134af1a16c01e32e1bfb3d35195f1d220f380f7bf887851495c001d3b56dd86895ef608dac9e43f32f0da777f43

  • SSDEEP

    6144:T/q32rRjPhKuDkkLjp+ScgBKozpJ1XVSGuRq9M:myR9rIMHZBKI/XV2M

Score
9/10
evasionupx

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 5 IoCs
  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_c4210a26cc355b64ed5734df960b2b78.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_c4210a26cc355b64ed5734df960b2b78.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1672
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2184
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2476
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2104
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2168
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2832

    Network

      No results found
    • 195.189.226.228:80
      IEXPLORE.EXE
      152 B
       120 B
       3
      3
    • 195.189.226.228:80
      IEXPLORE.EXE
      152 B
       120 B
       3
      3
    • 195.189.226.228:80
      IEXPLORE.EXE
      152 B
       120 B
       3
      3
    • 195.189.226.228:80
      IEXPLORE.EXE
      152 B
       120 B
       3
      3
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      799 B
       7.7kB
       10
      13
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      753 B
       7.7kB
       9
      13
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      785 B
       7.7kB
       9
      13
    No results found

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b1100fbc89a3952af66094c0cf5371a9

      SHA1

      cee24070571a72a2cee27233f8cdf6f05371d32d

      SHA256

      e2c08cd33e0ab61cc42e600c709964b6b06e25565b801578baad54e581842394

      SHA512

      a9a38e8a9ab28dbf3d3987a3bcd8b9ace5c2a78838f6b1b6e1ce10156ca4d58c74a3d70ec29f59692a0bd3a735845651c7b0b258a999d93469c27e13af3d2c68

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4c03910a5e7a72b635d4f415cb63e7fb

      SHA1

      347744dd9b727b76c3ed78b6cb2b232faca3d779

      SHA256

      40d2ab848c46cc4b830249f266a7d958833cc57bd95246664a8f5e1bfbc8ce42

      SHA512

      ba6e75023c5de946d2c987d14da91122af4ae35ae88249387256f8e626789f1a3e479ecfc81a09cf3f8a383653ce8f48df93cc6e80b484e8fd4e5fb9d8265e5c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f45a42fd91d7d2a3ce29b5909a1ac242

      SHA1

      3ced6bfc9d504a51df70f5d855d431eb4f247251

      SHA256

      f1792fa1f4cd147a4eca5b20be7c3057a17cecb189fa5b7a45cb047aabd7ae68

      SHA512

      a9a343d02937b20358e5ab15aa0e0e7e760a3f3d9aa917cde3c606a8602061bf4856537f71a224a8366f3f0276e2b0a74711abebc7dbf3b66f10881bc9ceb7fa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c09904e142afcbf689ea04ba48fa6eb0

      SHA1

      6999319e08f953ba566d6118627ab20a5f3d5988

      SHA256

      a4ec151ffd67b139c8e9ab3486723df67c5720f88b22c5e28c6e07ced39c27fb

      SHA512

      7edf22417a8188986ce7fbb28fca3d04986bacffc847c2a25e7da352a723237ce2d2a0ba22522db057515a9a98ec25dd9eeda6a32269d1e0532076dfa3af4a94

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      974a9689dfb5ad75b1d4d8ff1e2ddd26

      SHA1

      f6d8f4ff1f9f0bd812531be8af0875163f98a394

      SHA256

      ee0807feed589dfc54122b0ece1ffa987a612f565b3f4ceb503f07cf1b69a322

      SHA512

      d7c7a9126c7ae40e5dffd9e704e4cd8723e14768fd9d1cb08f92b9df1557205058246bf291a9e88fe1d54341537667683f0ab663b5ad79c4f54840b7b953f1b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      43eb35ad91ec6d217e51473c41e3e806

      SHA1

      d6ccaea55d4fbc0bb497aa55ba13e2f39aa73be3

      SHA256

      7bed0fa93096b16145782a7de77e3e9931dbaf4c90031d2f3f82f95b1af99e75

      SHA512

      d6f312d7a335bad6eb5fbf0d054377520c0d5b36ff65aeb5d465153c73357795a2c32dc99fbfea3d45b54da9d1bfcdfdf64699695320221e31924130021f0288

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ce8854a292654ef8e147a79d9b18bea8

      SHA1

      803babb78b020471b5db8236f848ffb6fac723a3

      SHA256

      14810a13695386c6d286fb3246efbe085800b73f4d02001ed783355dd248dbfd

      SHA512

      3c2053276b2556a3fbb2e4b043437c7d0c000f4f38ef6fd432347a31938e2f4e2f8987ae899eec728bbdf654ab9c39c131a26bfbad383d2a7fbf6d8ef37930a3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e1d3360ac16d87d1b86d9663eef7f49b

      SHA1

      c9a1e16450346349b442b9994b66b1463c2c6aa6

      SHA256

      0b1c952a2e0fb58692d2de72bf36048acc7bbb23f312a3b7c3955176a1cadcf8

      SHA512

      a12336726fec9f5edef3f8511467d91ede678afd596e1131a6f261b06747b88525110b63babacee027c77a952877416a50d5742423cd7c56b8187b759e8223f2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bec8776b8351d2551fef6516f8595089

      SHA1

      4d930b08b9b4618058ed34932a129f065ea5500f

      SHA256

      c9b31b1b17b94ca68ec615a7fa7b3b8d1f17520692e401fb4e0b1e7798dca1c8

      SHA512

      383a45409f34bb35c18c910c83eadd8a47d9aab771a5a40d8ccff8fbad9988c933c4946665e14d5495b20dc34b2e609d095de457defb2f4b4c6270ab2c285e1b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      605303efb3241611a4746581762ef59e

      SHA1

      13e3c0ba31bcabc937c122227ce2c7c350039df2

      SHA256

      6af2c0c0cd85e80c46a44fc720c7fb8b68d0e344e8f162ca4b0d7584c263c99a

      SHA512

      c6a6c2aa36b79e31333719d0c9381e3565ee1f3c5e56aa51376ab82cd846975fd19c6ddac879157f2ad2a4aecab728aeb493fd278849379ccffec43872ac193b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8ad745bcd399b27db3c4347761f753f0

      SHA1

      2c3583b47a55360445f6974176901e5e5c04d78e

      SHA256

      fd07e4c375a04cabd997a8759e6aec3de1203c33390bd1984ad4603c55161aa2

      SHA512

      a0d13fc1f9832b8d8ccfb83ed2a499a5135ce3af270b3c6932d8a9c17a57c96aab50479bc5da3a2d87b8cc34d4c6d5d39440518ead5d6a490998f27db51a567f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      43f367fc0457233b2f3b56a676627428

      SHA1

      0994855211263ee9b242619ac6b759d5013c3b35

      SHA256

      ffe5a14dcdc94f2c4d6acc2799efadc7b1775ecc60867ce4c4db9c0b0f63b2bd

      SHA512

      0771ede5fc0e2067a4715e4aa067e38ec9bea443966527eb8f7787966e13a24b9bb522257eba24d68cf3a9f256efb89c3ea64317e1e1fd10b913842cb96aeb36

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ba4795d10eb6692ff8f3d5412dbbe996

      SHA1

      37323da7520de330685c399cec4df2eb1fae30a5

      SHA256

      c085235039950a14ae3e9bef3b8fd83d636d3fca424c567dbabfaa04d82b40b4

      SHA512

      7c23ad07f2a91c13dfdf3292ab98ca95e87b2a9055f1dc62a6440c7bacaef75ace6c834f0e850773ff3a5d857170c8695775e9d384f6a1a6c5476bf4a7e5f43b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      72292aa1d5718421cb0ffb2c0a825228

      SHA1

      ab10a617a80aa309477cdb8b12dc8918ca37b215

      SHA256

      47077d3b72a46c27005f91d0ee49d3e4d688596d597d9ab98b3b4309a8b5be57

      SHA512

      38f23260aa177d7a91d269bf981d3c173e7999aed0c3e7750db4d884d7cf53f5f62d1f856784567ef40034c5c91cc4e2e26f7b5a31cbb7eaff0cdcc0521ed3b0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      99ea74aa9d0e3b2f78634daeb802f3ad

      SHA1

      85cb96e0db6115da4866fda9b1f7695bae1fd52b

      SHA256

      4c40a8881d72eff40023d65008611afe1c968c15c111d2a88d1a75134aeeb999

      SHA512

      5e1739f2c8fed19532384c47b51d5ea3bf84377268ce6053dbbbb9a4b9f6b6c816731c3439d123fe7cc2cf3fd6a04cc3da729ce70176cec31bbe72ba088292be

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f2b7bac96a0b932ffa0523fb280a328b

      SHA1

      71cb9313d8b2cf1d197ab168ff958736ad76ca06

      SHA256

      d25d7f5afa8533307f66eb14e2d48c6c1896b97f2bededdd8e5cb16a24f059ba

      SHA512

      7476aa088dbc6f8f0d5ef92daa7282c39ad7e26e11a681ee15d8e2f5df676b63524187367139954a8a316905f57967862e225e1ca5d083b5f31d171f97dc1e76

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c6e5af2663e04e225bda362d882c9b94

      SHA1

      7216b5737b4c7961e1085ae17fd6548ea77fc58a

      SHA256

      7fe2c67cf851f2896aeaaeaea06db5ccc17bd1fb6ed40057d0f13410a51c25ca

      SHA512

      534989120efa0c2c07af26e3dff3e84296f11762a88c29a4d9690311cbe92d81d674ba7fe00ce431ab869ac54677defa446be9ea70d4320f0de0a30ac71517df

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6649807ca5924cab398161cad544ed27

      SHA1

      b4eccc77c2f801335301621ccc72ca4cf2162200

      SHA256

      3bf70566c7edf9244ef0fd891410c4cb2671b146aeaef49f9049c131a8fb12ec

      SHA512

      d236a5e0ebfa66655b5e042662fcaa1db6b1147cbe8f5e96bbcead8630ac7ed647ab4027d6a93af6b696f79ec8cab4f57a8d482ef92682551635ffc1a5f194e0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      408314bf49477fb83427f77321d0c23b

      SHA1

      97f78e6b40f87314651e4ea174f4dcc8a964e7b0

      SHA256

      5600979aa271ba4cdb7ffd0cbf97b51ca0705ec1786c09abd4f6cf80126cc70e

      SHA512

      e2d5bcb9244cc3ae117dfd6f1dcfed8096aa7a758e55e6d68df2e2c422cf86ddcb583e2cf1fa3cfd2ac9081ce09f75fbdfaefdcbe9ecf228df09542c6209c8ab

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabCA35.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarCB03.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/2104-7-0x0000000003A40000-0x0000000003A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2104-6-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2104-452-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2184-10-0x0000000000400000-0x0000000000452000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2184-12-0x0000000000460000-0x0000000000462000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2184-8-0x0000000000170000-0x0000000000171000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2184-24-0x0000000000400000-0x0000000000452000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2336-4-0x0000000000400000-0x0000000000452000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2336-0-0x0000000000400000-0x0000000000452000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2336-1-0x0000000000400000-0x0000000000452000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2336-2-0x0000000000400000-0x0000000000452000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2336-3-0x0000000000160000-0x0000000000174000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2476-368-0x0000000001D50000-0x0000000001DA2000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2476-16-0x0000000001D50000-0x0000000001DA2000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2476-15-0x0000000001D50000-0x0000000001DA2000-memory.dmp

      Filesize

      328KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.