Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

c4210a26cc...78.dll

windows7-x64

8

c4210a26cc...78.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    12/03/2024, 19:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4210a26cc355b64ed5734df960b2b78.dll

  • Size

    209KB

  • MD5

    c4210a26cc355b64ed5734df960b2b78

  • SHA1

    d0716e4ee39e2caefc5844b35143a4d7e38ae4ec

  • SHA256

    838d2f9aa24bb10a81b1d750e116c443100f2be1093fc138e31621fd5911c460

  • SHA512

    f000f29368d3c77c14c901573995b05b3b252134af1a16c01e32e1bfb3d35195f1d220f380f7bf887851495c001d3b56dd86895ef608dac9e43f32f0da777f43

  • SSDEEP

    6144:T/q32rRjPhKuDkkLjp+ScgBKozpJ1XVSGuRq9M:myR9rIMHZBKI/XV2M

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4210a26cc355b64ed5734df960b2b78.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4210a26cc355b64ed5734df960b2b78.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1848
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2924
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1984
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:1188
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2636
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2536
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2536 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1692

    Network

      No results found
    • 195.189.226.228:80
      IEXPLORE.EXE
      152 B
       120 B
       3
      3
    • 195.189.226.228:80
      IEXPLORE.EXE
      152 B
       120 B
       3
      3
    • 195.189.226.228:80
      IEXPLORE.EXE
      152 B
       80 B
       3
      2
    • 195.189.226.228:80
      IEXPLORE.EXE
      152 B
       80 B
       3
      2
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      1.0kB
       7.7kB
       11
      13
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      1.1kB
       7.7kB
       12
      13
    • 204.79.197.200:443
      ieonline.microsoft.com
      tls
      iexplore.exe
      1.5kB
       10.5kB
       16
      15
    No results found

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1a83e1c894d3157f9a529f0ed84f4f62

      SHA1

      f029d28993934fb8f87521580ec90553a744e9e5

      SHA256

      7010250429a1efb34ac6dba0e4168ba6ebba6a6a67c14b2cf8b88ac1b8acc842

      SHA512

      b1e488041fd6a7d4348d8bcb205cf7194aec1d57e7544586c9530ccfb3c7b9261f7094920c3f9c6ae15f544a6696cdb7515182f43bac4793a67ff3a24e507e91

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ddb3dc211fda3e4e3c3b405375095138

      SHA1

      dd52b32b11ee02302decf7f46a52a5f90ca05ac4

      SHA256

      e608733f4bfed651f462de219f3715ec2209936b9cb2f53adeefe5dfcc90c45a

      SHA512

      83564d9ed451f5be2e1f6b4ec293539bc401149a52cf14fcc5318f063d6c4f715f5604d56fb6806ddcdefcd57d17ad8eb82ab8f7db425b338f4ca4320bea387c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b9b87d1f039eaedcd6c4fe973808c648

      SHA1

      d4a36c9d6369235bb993b323775a5520389d91d1

      SHA256

      ac127eaad9032ee3cb523e79069509090d778449db058de873bf925b22803720

      SHA512

      89e257e1019c0ccf09510020052f11f0dfa337b5109eb6113529dedebf3bcd9f27e9cd652f58d9ca160ff708f44b40596b2c0e1c17822f7ea6d5c06ffadfbbb7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      408c0cf00c1119941042be996d98078d

      SHA1

      6979df82f8dd30beaffc2d59834506ecb5b22a80

      SHA256

      2f3bd908c0f7d54179e159f2202e899441bdd64e46e71120f8f9340a3d1149ff

      SHA512

      aa18f3bd561a8391697717e560bd8a79e32567f1923c747b4a6256aa74593d06e2aeaf7b76218632d3fa4f1b1e6e4a8ee4b70f4e187f231cd254d1fa406c60cf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1301004bdc31f3e7013f78e5ecc063c4

      SHA1

      c6376063a847e2b873d83fbe641d68a1fa0ec9f9

      SHA256

      08dc1256bd54035994943573f9cc61af2ab48641470c42ff0fc44abe0042ada5

      SHA512

      6ede87c9d25d3a8075ec23356ac8c3a312730452cd2c03527be005a04548f50e4d8026bcc62502c609bb925a396625ea00a3749ae00adea4b3098d2785989d3b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b32b9908db723559a53a4332b9d91a94

      SHA1

      403c5452ef37de15bf75d5a42b464ea07e84a676

      SHA256

      2fdfca023011ca67fb6b83a3e93d062b53fa1943d87985ee246520720c73e384

      SHA512

      c4223a75bfaf780b636065229ca8dbbe37de08b3891f1c8e4bab35bdb25e03089160f71e8c7a02f519e225e8c368298249eb38756e65f2b75dd4e12a8f13dbc9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cd9b3a1d95acc5f952e8030871d92369

      SHA1

      c645bfe444872f5e13cc682e3a3c70e9278649ba

      SHA256

      d80ac4a2ad8b4b38a847e35cc3c92a61ff047cc5697baada77f170553acb28f3

      SHA512

      e627b1b0bfbcf925931c350b62bc76e08fbf9fabec7fa004d881c327d3a957dc52737bfa8e20c5da2d631aa09c7d6ce35cfa7b2f6c539b03ccde5c34b238ae7a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f07691096ea15c621766e2fe075384eb

      SHA1

      53277c111e71a93b613bf6098bb0fc92a738e0ee

      SHA256

      e9ceea7315bfec7968f1a941b3494dcbc041e61e018b5b1bd6a3f777ecffd02e

      SHA512

      27774b98bc595a8b89f44ec749bd53400fb644605899fd79df25512d34b9e2925816c7d7958e8bfd892069812197653990982a27273911755007a73f6d237d89

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7966.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7B52.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • memory/1188-13-0x0000000000600000-0x0000000000652000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1188-14-0x0000000000600000-0x0000000000652000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1188-16-0x0000000000600000-0x0000000000652000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1848-0-0x00000000006D0000-0x0000000000722000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1848-3-0x00000000006D0000-0x0000000000722000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1848-2-0x0000000000190000-0x00000000001A4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/1848-1-0x00000000006D0000-0x0000000000722000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1984-7-0x0000000000180000-0x0000000000181000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1984-15-0x0000000001F10000-0x0000000001F62000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1984-11-0x00000000001D0000-0x00000000001D2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1984-10-0x0000000001F10000-0x0000000001F62000-memory.dmp

      Filesize

      328KB

      Download

    • memory/1984-9-0x0000000001F10000-0x0000000001F62000-memory.dmp

      Filesize

      328KB

      Download

    • memory/2508-22-0x0000000003A80000-0x0000000003A81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2508-6-0x0000000003A80000-0x0000000003A81000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2508-5-0x0000000003D80000-0x0000000003D90000-memory.dmp

      Filesize

      64KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.