Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

db4a8a2c00...f0.dll

windows7-x64

8

db4a8a2c00...f0.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    21/03/2024, 09:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db4a8a2c006c1881c291b9c3b370e9f0.dll

  • Size

    201KB

  • MD5

    db4a8a2c006c1881c291b9c3b370e9f0

  • SHA1

    89379a0bcac74adbb1bb33495d60ecea497103ad

  • SHA256

    237052502cf122969e4a8d3eab5c1522f690229101c0b3dd981ea711cc5ea206

  • SHA512

    86aa0fbde549b03df8f18fabcdf388bebdd81e9c13686995b698ef78f1fd8ce669aeb032db40939b6106cfe6b91135024f982bfa17c19b9acbc98f9473612a10

  • SSDEEP

    6144:vKQTBUREsk9PRQ7+jbiyWXGruHpdEA+I1hoSb:iEUiRy6eyWXGr6d3oSb

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\db4a8a2c006c1881c291b9c3b370e9f0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\db4a8a2c006c1881c291b9c3b370e9f0.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2280
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2256
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2428
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2188
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2680
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2512

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2b9fbdecb0a448d641ca5db3b13606e5

      SHA1

      89b6c018dc04a7cbcb4365c57c6a499bba0ef1ce

      SHA256

      d6a945e185b5981e129cdf4b961d264df09a93bbaf2f798bf6b2642bbc3ff833

      SHA512

      ce33ccf7beac9b703c46d66dc9ac62b60dce8e46da0f8a288a36a09b10eef29172e0984fe7b86e7b2549c349fe801db78d0a084b48b2ff292efe0a12d286d7cd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      be12ef3738028e66f875345076877e4c

      SHA1

      a417848e398fa7d07655aff7953954a8d1171efa

      SHA256

      864f12f5d01b8a6aa1cb4d232b655f047426ac4d9e38e09da269f2ef8603861d

      SHA512

      4e340375f79bdc41cd732e9016c62f106a0e7e6a0d048d8f145ea93e918a48fe387295679228059536c54e1457e7c2ce9264b45d59825f1dfa3fb16adbc0b955

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f296c83267a73f7eb27def60092ac9a6

      SHA1

      8a272e21a364705237b7a7b37b41e589d3023853

      SHA256

      7712bd5665e547bf66c9515f964c3742c56092769cfc572236926925944bdf26

      SHA512

      b3f3737d734fa91e97ab2c7819c7f5ce9e3be03403b11c6bfe340a2c72a6b76134b56d7ab78eaf383d9b28c12d10b697c2c2ad9f3935e4f1e8a1c6e837f3cf1d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9edafa421323c0ef402e6c7eb4df0d51

      SHA1

      1b453c82ba5b41bb6fb503b1afc2b5f830ded38f

      SHA256

      737da740da29e604e6069f431424b1793d7cd1e50f1851806edb673305fe7c1c

      SHA512

      16498ec288ddac61d088078fb48edc112a8bb7df39068809802984d7c813f75f52383efaf8ec45def5e91562df9a41bb9c61d05f27a11c94642642d452ab35be

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      45362f97480ca600233b3e9afc3cdd25

      SHA1

      75805f02ca90926ae1bbcf3e52e300d341d9a6cf

      SHA256

      092bf54df67cbd81cd3c7a7f826ce4b29a595bf3a90ee068f8be20717e5f3813

      SHA512

      d4d7168d4edcd04df4f9b509e02ba75ac95fd07bef72d2268ec8a63db0a9c3458652224385ba650a19a4882536eede6f8a28e1a3b06bfe1849326e253857be35

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      caac6663e1910344190735705df72c94

      SHA1

      9d4c66ca902c3a5a3f4056fddeee1206c3af235d

      SHA256

      dbe65ebf1b572363efcd439a67c585b4cb9a2666fbacbc6b712afaac55d00871

      SHA512

      af4afc22ecfe86e5358cc09f5bdcfd17b5d5929ea1b542cc9d4694dff34d8b5037c2a7f24bc470bf5b87e8693e8e4d41c0c7198cd4f67c2849edb6e5ea65105d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      76b2c0536bc320f36289f6ad70cc0deb

      SHA1

      69f23b75447cc3aab21d3866e884d2ffd1022216

      SHA256

      259aeb9588a4de0db9533401f8f6279342f9ed2749d8c8655a55f7addefd08fc

      SHA512

      c525f86fed9f6f4f8e3c09b1b58f940d70eca47c21eb6e9cb8f240b39d87f3e9a990bf8944d4af7ba0301689fa4e4150c7cc8fac1e45aa543bbf113fc84ec407

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c4b42c9d8bf6445d5a77d10e890aa0a5

      SHA1

      feb83d34eda999d082284439214c5e4eb9e31e48

      SHA256

      a7e84dcb2d265d5746e2cf249a1fbc193a20b32521842b179f739d3483cc0056

      SHA512

      ba668b08b97b9529087cbc6f23a18f6dcf114dfd1d0d2dd52621070e63414f7f0a13b5cd00cf6a51e5423071dee50d62795408826996f4944c95b80a1ca09a35

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b0805b66b384daa1888159e33ee8d0b4

      SHA1

      22830d70c956b8b3bd24b28a90dcee72bede8f23

      SHA256

      d1f0e47e1e8a474be1efdcbadb86131a003c56e46f69f8cdce20e70f5cf81345

      SHA512

      2955de631d7a91c35a446070d7172e568cfa417c6bd54d3aca770cd7efc4e0443b00825eacc44a574ec929e3a56addcc332c5d5cc43ed1f7ce77e53ab57ecec9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1e3e3c35c934ecc30e70c8985c3b30cf

      SHA1

      3f6bccfffcec36cb9440ec0fb82df8b09292ac8c

      SHA256

      e2c6f34b4c8144f29cb59bdd5cc15cbbe88e4409a7cb8d5875d205b88b6fdb2b

      SHA512

      707dd5ae4e1202cfb9015daa13eefb193cab9eeec16a0a1e0f23709240cf18cc6dc365248de7ee813ab7b00d190b3865c1de4bf1dbf19f0da7e99445f0c67ea0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      466666d8eefc3face1e734bdd15d2ffb

      SHA1

      55f9e4fb1d509d1e2015a3007178995e3af033c1

      SHA256

      d85bff6650eddd59ee54b1cbdb16e106348525ed46e8cb2324241fef8943a6bb

      SHA512

      850e0f74fd7d727f47d9d56d3d85d4c59ea344f9ee90568f92cb5407a48e278972e68862407f179ce308ea7acbe7500ddbf364dcf4eef0221ec54e5fe1170088

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5D5E.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5EFC.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • memory/2188-6-0x00000000037B0000-0x00000000037B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2188-19-0x00000000037B0000-0x00000000037B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2188-7-0x00000000037C0000-0x00000000037D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2248-1-0x0000000000230000-0x0000000000295000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2248-4-0x0000000000230000-0x0000000000295000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2248-3-0x00000000000C0000-0x00000000000D5000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2248-2-0x0000000000230000-0x0000000000295000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2248-0-0x0000000000230000-0x0000000000295000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2256-8-0x00000000000C0000-0x00000000000C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2256-17-0x0000000001F20000-0x0000000001F85000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2256-12-0x0000000000220000-0x0000000000222000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2256-11-0x0000000001F20000-0x0000000001F85000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2256-10-0x0000000001F20000-0x0000000001F85000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2428-18-0x0000000000790000-0x00000000007F5000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2428-16-0x0000000000790000-0x00000000007F5000-memory.dmp

      Filesize

      404KB

      Download

    • memory/2428-15-0x0000000000790000-0x00000000007F5000-memory.dmp

      Filesize

      404KB

      Download