Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

c6880976d8...19.dll

windows7-x64

5

c6880976d8...19.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    122s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    13/03/2024, 18:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6880976d88a6fdfec2b1aa52b9a1919.dll

  • Size

    66KB

  • MD5

    c6880976d88a6fdfec2b1aa52b9a1919

  • SHA1

    3bddf117982d199fbf91eef525ba8e1df23ecee7

  • SHA256

    4d93c444d0e75bd37cd803d6394c13d6bdda493fadf33aa64ce8f23371836648

  • SHA512

    13481548d9d06e85f9725a1a5fbdb4da4498b5b7893b260d2877438132eac51858c81a1db3406bb4abdf2d36935ce105dd4d369d67c2a48f85eb99db24322a3f

  • SSDEEP

    1536:+KaouK0rof8925RMehGW446cHHP3AqshuqRTu2:+KaouK99MqB44j3cny2

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6880976d88a6fdfec2b1aa52b9a1919.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6880976d88a6fdfec2b1aa52b9a1919.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2992
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0fbc1d19d3f9c3dd5fc3f81b4ed081de

    SHA1

    034122fce02e78b5580870b31e9080c19db112cb

    SHA256

    415ec7b4deb9f9c4766f29d18e68b2dad51d50a007727729d617f68279192dc1

    SHA512

    73daed5da271c6b1df31227342b3c0696cfbf01375f32838a7b8c7a01fcde4d78400a8d4ba4652001405ab2fd1452d21c9a745ba80de2852ab081acfce69380d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bdcf2f1179b7b1586d148b0220d3a501

    SHA1

    f0818aa7fcabb8a6f73043f85d1e16cb401b9558

    SHA256

    2509fd1410358a943376a08d7cbe8a6bbe9e24c277a6b27c8f3d385c9427102b

    SHA512

    5f108615b65ac875184eaf54359daa6c3c3cb2169a9c2367a6005f2fbe2246cd93e5ce43cb255a97ee68c456eced061a2b1e202cbeaa279bad06ae2589f8535f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df66ccf6be52a5ff6c8068892ee88f7c

    SHA1

    4836abcc9f25597344dda3e16dc67fed9ea74f97

    SHA256

    7609b6ebb478dc923089b8f375cd95360d38157c8e94ea6d109585ae4ae7e7b8

    SHA512

    737d72de8f37602d0713d5f90b3e1545111550bf28bb2b098af641b6cc859a4d782ee582fa75abe3d7c76f34bbbceefc8a5d785c49ac900aefa2a70f8c607ab9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22c377932ed74355af580bd3c09593f3

    SHA1

    8d99627fa9065494f9ea65e1f9b00d0195ecf1dc

    SHA256

    d14fb3d07f3a55eb75f81ef17e4f08a74c1b77f0f79633a8ef146a0f01a5097e

    SHA512

    a4b98f8bb3fa314d1072ca1cdb4892f8a0477abc09a6c7e00b66b9bb3d30ab74b0c031d3f0052925e638025aa224320ee58b249fc25a90622aae2a5b38c24e9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bd92faed491dcf02dd9804878ee9c598

    SHA1

    02abfa4cd366a3ec6aee5e1f4df0764eff619c3f

    SHA256

    8a60ef613d9924e150e047bc88c3ab450b2bbda0332f6d3bc61fdcb9b6f19a43

    SHA512

    7e7a177a8a01512b031605fc9332aaf90ece8e7d23e0cdd34ce4958145d58b5c0e48f87ff8c631af8839f877374afa9ab096a93b878b7ebd72b5a04ff360388c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95f3eecc50032b717f2fa750c383fcb5

    SHA1

    bae603663be09d7c06d1a051be5047daa3a0df97

    SHA256

    11201caeab1814c8ab9169f4da2ed93ced19a627d57af59601d80ae1e6be7ac2

    SHA512

    b70b502c4bf2b90dd074769ab309e3ff37403de7ff15bddb73522e124147c50b58c6f945aeef7f3c0d5874d5e63a0062bfdce653bb9e140c8c36cb5a978b5623

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f297bb8547919f7cc91ddddbdd14c99f

    SHA1

    bbf0c89540744458b0e92418d2f4fae83486a125

    SHA256

    9e0327acd6449e99d238eff0428143d83ca5a724feaa592b94e35e696530edc8

    SHA512

    6c070e8fd4d5d57f6f0001e61a16d671aafa266ece4ab8fdc253cad1c07e0a001dd4cd60ac0fbd245bd221aa06d92f04b770d08c29e7aa63c33ab69f97179f71

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3D13.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3F3C.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit