Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

d5bfd797bf...b0.dll

windows7-x64

8

d5bfd797bf...b0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    139s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 09:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5bfd797bffd0d482122f914b16ea6b0.dll

  • Size

    218KB

  • MD5

    d5bfd797bffd0d482122f914b16ea6b0

  • SHA1

    d56c6dbfce4d9bd30a1375c7c21e058e5fc38743

  • SHA256

    ecf81ed9fec100e108a655305c8ef4e4386a575a4e280684c516a91caee79dbd

  • SHA512

    dfa76bff58300a90ba5059bba8dbcc731676c5e2c91a03bc874c76fa0ed677469daec99073d632120e54e2870e9bd51d566b7efe11b15501d9471dfc9c506d95

  • SSDEEP

    3072:qyKGuljBliR1jjx6p0PnlE43EXU1VtlUxRX/um1onTuwcTfeMUXaCZLns9VCr:qfGu9Bkwpud3E+4BqT10feFXaZ98

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5bfd797bffd0d482122f914b16ea6b0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5bfd797bffd0d482122f914b16ea6b0.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3000
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2564
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2576
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:680
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2476
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2612
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2416
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2416 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1816

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc8b1a956dc990b1b6b73923f5add642

      SHA1

      6cc40b252c014bacf0685d1d993da7dc0f330a83

      SHA256

      bea83a69d6ebb71ce927148760f0685875a383faef296d9b439208a6c1578b7f

      SHA512

      28c4827de406bafc9aa5a7d7b84af2da9c9fb181ac92bc0daf3a66f2fa2d003e0e9d705486b734828980c2dc66e405c8db60f2f0cebbed4441b5cfd6aeb5e165

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b6b8d20ac937fe5a1af6d2209a0bbaab

      SHA1

      1dad3eae05d1bc517d4ad2db230d3cbf78f80b46

      SHA256

      31068a8b1f4be6f549cc2e33f6df242f0dae938f582f0f11fc98aa310cfeab5c

      SHA512

      b713fabf40690e6ce2d5fb8408556413df8529d845deef543e943c47d3ad848e4905065f2e131461e48b155f2697be5b6743f9e551c8e8989c6641c82503b876

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b4e3da14730c2fd4299d00b62844bab5

      SHA1

      f78a982fcacb15c006f61b0ebff0be4d317c3b46

      SHA256

      f81f93c5228eca1ed8a3a46fa9ffb8fca907e943ced747196460c6d87fb0cf0a

      SHA512

      233d196b7f212ba04b9cd320d7bc20f121a0b1d36b3e89d111e843faf486081f2a02692b7d60a2c7ff8c6af3b667e2b44236898d65f7a3a4d69e15758362e0f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c5643bbd0c7d27fbffefa5e840b1cdc2

      SHA1

      7771e14b5864fcd5b093c26c8152431027b45f0b

      SHA256

      66f77c1dd3abcc4488a8189047b8505b58569d0dfd23e8c2efe3b38f7cc35cd3

      SHA512

      3c9c2d64523306dba194e71e10106c24a837467067abed9b54ee73c238224e68fa821f21e2c0394b9154ad7fd817be39b24c9e410aea9c9bbae476917be546fa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6db4839fcd5a27d2423fcbaa18e337fe

      SHA1

      711ad76a21e186402c59ef933bad6bacc12c02c2

      SHA256

      e0aa64135324fe6610bf923708f04c6ee7d79a8dc70d4f22d98d2caf32e5474c

      SHA512

      7b2781b51574c5fe84b6f23627d2cf3b9ec252e1314d0fb6eeac51361c79c6413fe3b2abf61925e2f9417b9093629c9728c51d6b0cc2726273e9027d6799d5e4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc0ee499def8f9a817d0f9efea0a3875

      SHA1

      1a6c87e32b33aae4e17a17f4540c3878facaba74

      SHA256

      c8f1db9363af75ac531c601a40ef1984931b5d2b6c1fa57725585615be45d9c0

      SHA512

      6a99d7fb6639c396f367658b6a8b965d307b911b35e921bc8e64f61158d9b085a86e92b1128bbe38583e8ce4c30baa30892a35540d1b38f64af9c125aed8a9f4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fd593c6659d57d9f72eb73a3cfc5c7e6

      SHA1

      fc2ae42bff9ee778274589ac4298318de0425ff9

      SHA256

      906dda009dbbb5c435f5da7e8329a51db2c6c1768338e1f75370a3168153e4ba

      SHA512

      f79df7e6888ab4d02629fa6beffdc45c9d29ae92b5378ac57891253f13c1a5bf9d57e2bae23ce57ae7d6b610285cd3596b8854ca0132339647d4af2c6947aa5d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1c69df704b3a781ed3ba682099f83305

      SHA1

      b58d0a18a3e3d1ceeecd5096b53e58058295541d

      SHA256

      49f37d058b58954719d5e75e5757de2238897c22287683603670f76c6ed2e1da

      SHA512

      4e97024ce1f934ec681cf74b143cf453598471c2226ae8f81fab9f7dd98c8df4365880c1c7f6cfceaf2aabb6162cba1d1667b3b022d17b8a1a4eff585bd6e4fb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      65773ae8b534e059f23c57f4f68bc20b

      SHA1

      c5a3ced4c3570a20a5d1554e5791d59b92a0f9b2

      SHA256

      5dae6a4cd568219733426ba1c2afd626db483921b566ba983ebe51768cc9f40f

      SHA512

      7dd377b3b31ced45189ad3c314a7bf0f5304777fefb4740a1f96b380d1d9c7dacf611ca11f0f36909be31a3c7be0ab03432a32507adbaf1ecee24068ad9867e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dd494c2ecc25528af27125c9972982ee

      SHA1

      1497ed09b692d594b417369e4f3eafbefacb629b

      SHA256

      d03847aff368135d99ea595b0faf4b5dd26c690bd9d50d3aeb48c35fd50a6cf6

      SHA512

      b378650c9f39e19a30059a7c170d1c20cef933dcc69e2a5190192df7bbff70666b0faa48510598d52488e50c4b192291b18633592f31dea818835b85660627bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6a1e5d1c5225598915bed961c874b1fe

      SHA1

      e012f01c7606722b6b0ff3a96c57e4ed1b21c6a1

      SHA256

      9f1472c9840a4bfbdd86f5765a744402a0d477efa2679f95d4dcaa83a386c8ca

      SHA512

      33bab596336eb33c64e416044ef890f12a68ebf4acd649cd0f46a6d88202cdfaa32f3203fa68e83c6d563a64c11d9a2b5658a3af234c7616d2de30050e9e18d6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b4686e3a81c3f2a3e86dc6ba92c26aa6

      SHA1

      e29dfd906e4a7ab09f3a8e2f1f50cb76822b3e03

      SHA256

      f62cbbf054756a9b1ba8d92270141a1bd0765854594470fb6085c62e4e50d5e8

      SHA512

      ca686c6a71254782e6d86642788002f1fe66acc8d33455bd4f928e20a16ef64b3068fed1c9728b57c3a5224ced439b8431d66decaf58c3b1eb05aafa13ea79fa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f973f2739838e0b29e56956ce89976ca

      SHA1

      4effae86ee2c143f9049066841a2f237103c1f4c

      SHA256

      cc6dd48d32e93af8eee77499fdb87e4d548e274a71910f4659f60711dcb9ddec

      SHA512

      4c0914ff9daa43263257b0d0881ff2b32f538fcbacd1cecc494b01fea24e076dd08500bd3a4bbb6a54d9137be1a7fd834ca793c7040d9d359ad3873b9415d294

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9a249e8ee012aa21a90a63bae17be7f8

      SHA1

      b9dca0949baf9924cccf4e8be54b2e23fd34fd8b

      SHA256

      56f5f19ea67fa0bd0248de86fc60d8fc3d5d03fedbe029abe644cf5d946d2a78

      SHA512

      5c8f659ee594541b5329f44ad154b97c9d0adbe879a581736d107cd192e83ff5d2558bfc467f8085fd8472efa578d618a74658ce3e78d6e17da4a0321dab71af

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f736f6de6eb0bfffc022b319ead66e4e

      SHA1

      3dad51a5984e8721a535d074d36559cee497bb3c

      SHA256

      797a8aca93b90f0808efcba04b3b5e543f89272034f539b19fac7af30c0e517d

      SHA512

      f503812bcbd05c7d12d3fbcbf59b0b1a36de0014173e2b61864ca0fd32f9cec8f15fefb3d7de85f360ba277231ded3c3a99f079060caaea6222ed889bf7b84b9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      87999ea6b564539db9701466e82537da

      SHA1

      c2d8967015bb8a77004745585c7a9f1ba6106a9a

      SHA256

      07be3b313c39d7299e3d7ccc14d7646025bad3271ddd85e7a5a14775698072f9

      SHA512

      64747972f96470aae6d18b8aae5c40cb8be0ba0f16f58a7f72f135ee7342daad26136d511629bb785aaa5caef67e68225b0bf23e6142e839562bb799d607c019

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7271377b1b677ed48560fa0bc7ac3ee1

      SHA1

      557b069c15334edff4e5d5d69e486ad1daa4a5ee

      SHA256

      03986037381e7ec8ba763e1fe4f7c73d4285d168ba71ec7ee2896cc849c0f857

      SHA512

      57b961d1c248fcff85fc145b13dc4c3c6515e43015ac6250f6cef51d0a4c6096166ddd448f65cfbbe5c6349eee03de32a47268aeb66f9b6da618a4798c65494e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      054fa062c4a71f5fd8bb461608b9ba0a

      SHA1

      97ef79392980fe4ec16262cf50d94d111f3f14db

      SHA256

      f1c7a49fee9a698f09d53a6ce1bb07654ca4187a801867ee36ea8d77b63c1b9f

      SHA512

      935b1d8d10445e92a13284d6b77030d92f94d707943e8f30e2b55097bfdc23ba0d47e24ce1638578916bb8b43bd910c59193bd3d70dccfb6f7cab0098ae7fa37

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1B6F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1CAF.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • memory/680-13-0x0000000000A10000-0x0000000000A69000-memory.dmp

      Filesize

      356KB

      Download

    • memory/680-16-0x0000000000A10000-0x0000000000A69000-memory.dmp

      Filesize

      356KB

      Download

    • memory/680-14-0x0000000000A10000-0x0000000000A69000-memory.dmp

      Filesize

      356KB

      Download

    • memory/2476-6-0x0000000003A40000-0x0000000003A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2476-5-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2476-17-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2576-10-0x0000000000470000-0x0000000000472000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2576-9-0x0000000000940000-0x0000000000999000-memory.dmp

      Filesize

      356KB

      Download

    • memory/2576-8-0x0000000000940000-0x0000000000999000-memory.dmp

      Filesize

      356KB

      Download

    • memory/2576-7-0x00000000001C0000-0x00000000001C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2576-15-0x0000000000940000-0x0000000000999000-memory.dmp

      Filesize

      356KB

      Download

    • memory/3000-3-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

      Download

    • memory/3000-2-0x0000000000160000-0x0000000000174000-memory.dmp

      Filesize

      80KB

      Download

    • memory/3000-1-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

      Download

    • memory/3000-0-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

      Download