Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

hetman_par...1).exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Hetman Par...ry.chm

windows10-2004-x64

1

Hetman Par...ry.exe

windows10-2004-x64

6

Resources/...nu.dll

windows10-2004-x64

1

Resources/...nu.dll

windows10-2004-x64

1

Resources/FileExt.dll

windows10-2004-x64

1

Resources/LoadRAW.dll

windows10-2004-x64

3

Resources/...DF.dll

windows10-2004-x64

3

Resources/...rn.dll

windows10-2004-x64

3

Resources/...mp.dll

windows10-2004-x64

1

Resources/...ig.exe

windows10-2004-x64

1

Resources/...0d.dll

windows10-2004-x64

3

Resources/...tf.dll

windows10-2004-x64

1

media_dll/SDL-2.dll

windows10-2004-x64

1

media_dll/SDL.dll

windows10-2004-x64

1

media_dll/...54.dll

windows10-2004-x64

3

media_dll/...54.dll

windows10-2004-x64

1

media_dll/...-3.dll

windows10-2004-x64

1

media_dll/...54.dll

windows10-2004-x64

3

media_dll/...52.dll

windows10-2004-x64

1

media_dll/...-0.dll

windows10-2004-x64

3

media_dll/...-2.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    1696s
  • max time network
    1162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    media_dll/avutil-52.dll

  • Size

    223KB

  • MD5

    35eb18a689bc3fa1ce372059a0031009

  • SHA1

    9629e03d00d4adbd232af30abb9d4134870ed478

  • SHA256

    14bcc908cd8bf179d4bff617ccfadab62fa4e6430981c054455c451324b0b429

  • SHA512

    13e8985a24990ef24619dadb01f35fdaa7fd22c15c1a8bfaa385b04a78e88ab881c6e913c703167f288f925aa963dbfb82f0828d4bea64cf59a2f60f5e01bc82

  • SSDEEP

    6144:hp3rxgQpPCLIIO45VgUAPdPVuHB5Il0k1DPg:ULTtV1W0k1DPg

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\media_dll\avutil-52.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4424
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\media_dll\avutil-52.dll,#1
      2⤵
        PID:4948
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:5048
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1384

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
        Filesize

        16KB

        MD5

        d5d5279dd7f2fcddec46c9a3590a69ce

        SHA1

        b990c055ef175338ca9f06caa78d837a0c9dc96b

        SHA256

        16bb5edcb458de82e6e6cd8c794a4f0ccc917398bf966eeb661f42fed73d4c3e

        SHA512

        2cff9a0cb0a1ecfe2a73d75a46a2c5faa5d5d0a3b81c740ebe18df45716db02262da902ee82971845938a6f81850cf0aef99afdd8df8190656ced5f40bb1150f

        Download Submit

      • memory/1384-40-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-42-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-33-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-34-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-35-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-36-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-37-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-38-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-39-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-43-0x000001F948430000-0x000001F948431000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-32-0x000001F9487E0000-0x000001F9487E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-41-0x000001F948810000-0x000001F948811000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-0-0x000001F940140000-0x000001F940150000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1384-44-0x000001F948420000-0x000001F948421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-46-0x000001F948430000-0x000001F948431000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-49-0x000001F948420000-0x000001F948421000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-52-0x000001F948360000-0x000001F948361000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-16-0x000001F940240000-0x000001F940250000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1384-64-0x000001F948560000-0x000001F948561000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-66-0x000001F948570000-0x000001F948571000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-67-0x000001F948570000-0x000001F948571000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1384-68-0x000001F948680000-0x000001F948681000-memory.dmp

        Filesize

        4KB

        Download