Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

avast_secu...up.exe

windows11-21h2-x64

8

$PLUGINSDI...ns.dll

windows11-21h2-x64

3

$PLUGINSDIR/Midex.dll

windows11-21h2-x64

6

$PLUGINSDIR/jsis.dll

windows11-21h2-x64

3

$PLUGINSDI...ON.dll

windows11-21h2-x64

3

$_107_.dll

windows11-21h2-x64

1

Resubmissions

22/03/2024, 13:41

240322-qzd8jaed3s 8

28/12/2023, 08:18

231228-j7d46scdd9 8

13/12/2023, 16:39

231213-t55t8aggb9 8

13/11/2023, 18:53

231113-xjvznsee5s 8

20/10/2023, 12:54

231020-p49dssch35 8

18/10/2023, 12:57

231018-p6wwgsga73 8

14/10/2023, 13:18

231014-qkc2xsef2w 8

13/10/2023, 08:25

231013-kbcf5sfh5w 8

11/10/2023, 09:32

231011-lhkxjadh3v 8

11/10/2023, 09:28

231011-lfb7lsfg37 7

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22/03/2024, 13:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/Midex.dll

  • Size

    126KB

  • MD5

    26ae155bc699bb8d535006d9889366ec

  • SHA1

    47990e176505ba8fe8c9aa43018c71ce84702ed8

  • SHA256

    7fd5d84381997482870359c50f43eeb52228ae3f75311405c6e80fb79203aea9

  • SHA512

    03a21e68b8c5d5e2206bcd4b2795b6fabda9b6bafe5339f213dcfe7297a557cde93b85321f0fdc7b14fb7c602b71d8e0673c326994a43e72e6cab532843a7161

  • SSDEEP

    3072:8ACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGNbx:8ACUTz1JlopG5K4OZgeC

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Midex.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Midex.dll,#1
      2⤵
      • Writes to the Master Boot Record (MBR)
      PID:4768
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 464
        3⤵
        • Program crash
        PID:2552
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4768 -ip 4768
    1⤵
      PID:1488

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads