Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/03/2024, 08:12
Static task
- static1

Behavioral tasks
- behavioral1: sample b439a7fae389b2b9c21d337cdc959695.exe, resource win7-20240215-en
- behavioral2: sample b439a7fae389b2b9c21d337cdc959695.exe, resource win10v2004-20240226-en
- behavioral3: sample $PLUGINSDIR/OCSetupHlp.dll, resource win7-20240221-en
- behavioral4: sample $PLUGINSDIR/OCSetupHlp.dll, resource win10v2004-20240226-en
- behavioral5: sample $PLUGINSDIR/System.dll, resource win7-20240221-en
- behavioral6: sample $PLUGINSDIR/System.dll, resource win10v2004-20240226-en
- behavioral7: sample $PLUGINSDIR/inetc.dll, resource win7-20240221-en
- behavioral8: sample $PLUGINSDIR/inetc.dll, resource win10v2004-20240226-en
- behavioral9: sample $PLUGINSDIR/nsDialogs.dll, resource win7-20240221-en
- behavioral10: sample $PLUGINSDIR/nsDialogs.dll, resource win10v2004-20240226-en
General
- Target: b439a7fae389b2b9c21d337cdc959695.exe
- Size: 1.8MB
- MD5: b439a7fae389b2b9c21d337cdc959695
- SHA1: fee78c5118e037ba798977bf45ebd5a3738a14fc
- SHA256: 14be8aeb2cd8c6b348670231e705ba1041fd1daf9f3b164fa42104e8006db3b0
- SHA512: 76090b98d053d6d72966442b20f56e581e52f6a5f53d751fcf099e54e13c020f3e4a145586333d034a3ce08864690f371b0d9469e78b0ff683efa02b33ca6fc8
- SSDEEP: 12288:qqv9/2PZUwVIGGEb0lYYn0X+RUTvEXedh5ptb/ZFvk7app/fpvplppppvp5:qqvd2BSYYn0lTMXedh5ptzZ+7
Malware Config
Signatures
- Loads dropped DLL (4 IoCs)
  pid | Process
  3204 | b439a7fae389b2b9c21d337cdc959695.exe
  3204 | b439a7fae389b2b9c21d337cdc959695.exe
  3204 | b439a7fae389b2b9c21d337cdc959695.exe
  1416 | RunDll32.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3204 wrote to memory of 1416 | 3204 | b439a7fae389b2b9c21d337cdc959695.exe | 92
  PID 3204 wrote to memory of 1416 | 3204 | b439a7fae389b2b9c21d337cdc959695.exe | 92
  PID 3204 wrote to memory of 1416 | 3204 | b439a7fae389b2b9c21d337cdc959695.exe | 92
Processes
- C:\Users\Admin\AppData\Local\Temp\b439a7fae389b2b9c21d337cdc959695.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\b439a7fae389b2b9c21d337cdc959695.exe"
  PID: 3204
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\RunDll32.exe
    command line: RunDll32.exe "C:\Users\Admin\AppData\Local\Temp\nsw64D5.tmp\OCSetupHlp.dll",_OCPID1049OpenCandy2@16 3204,536979F4BDCA42A9850FA3F787E5BE47,5A959DAD402F4180BDC5BFE6BFCFBCBB,55E729034D9F436DBBB3DFEE012365FF
    PID: 1416
    - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 819KB
  MD5: ed7a7d6a10b133accac5e64050328d64
  SHA1: c91ca85c665f1b151b6436e1c0d5b99ed6570cbe
  SHA256: 9ecdc3ffea8b139ed411993735d4b3ff050c2949f91c817a74c2d553b0015a6d
  SHA512: be0711ec6f09f4768e4510ecb61d16d8d756326d0deb231b5cdaa6396dc198f8980ac8b0b9f91a13321dbc8143c346268fffd8efd69a5e4161bc78bd6235df46
- Filesize: 11KB
  MD5: c17103ae9072a06da581dec998343fc1
  SHA1: b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d
  SHA256: dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f
  SHA512: d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f