Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

b30b76585e...b3.dll

windows7-x64

8

b30b76585e...b3.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    206s
  • max time network
    240s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/04/2024, 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b30b76585ea225bdf8b4c6eedf4e6e99aff0cf8aac7cdf6fb1fa58b8bde68ab3.dll

  • Size

    908KB

  • MD5

    7e7b253fcfe99cf48e171533182005ea

  • SHA1

    c6e306fc7b2de1e8b1d904f636113f04fef8d35c

  • SHA256

    b30b76585ea225bdf8b4c6eedf4e6e99aff0cf8aac7cdf6fb1fa58b8bde68ab3

  • SHA512

    b61dbc28c627db00d651b8957b4ffecdefa4c92151e27a5bc18f497063dbd6fbfd0f8b645e5e6f905cb533626d8e0f7c536cd08ee0038aa607956fa2e75730dd

  • SSDEEP

    12288:I+YE32Q8n9FgCBT4jh0rOcazvLbzTq4TYSyPKcaTuxfa:IvEwnfg04jgaXbzG4TYS8KcR

Score
8/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks SCSI registry key(s) 3 TTPs 36 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 12 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 26 IoCs
  • Suspicious use of FindShellTrayWindow 19 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b30b76585ea225bdf8b4c6eedf4e6e99aff0cf8aac7cdf6fb1fa58b8bde68ab3.dll,#1
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    PID:1648
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2412
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4588
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2944
  • C:\Windows\system32\werfault.exe
    werfault.exe /hc /shared Global\8c629236519742d09867c2afca85b2bc /t 1800 /p 4588
    1⤵
      PID:3500

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133578348596366891.txt
      Filesize

      75KB

      MD5

      68ddd688cd9eece9ee6927fa020138a9

      SHA1

      fb568dc8bb86f6abefbb105851a048cfc34e793b

      SHA256

      644dc1ac01fb87d1a1c20dc051a3faca9c0a795d139710147b030c89ce3567be

      SHA512

      a2b859e66b581afbbcfb4d54b10100b5b9935b35160eaedb554f415b25ad2a826a24a69b6612c01888045425f5a9b0d488eaf17d4a954e700bb002ce2b357ad4

      Download Submit

    • memory/1648-0-0x00007FFDE90E0000-0x00007FFDE91C2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/1648-2-0x000001C9DD5A0000-0x000001C9DD5A8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1648-9-0x00007FFDE90E0000-0x00007FFDE91C2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-3-0x0000000000A40000-0x0000000000A41000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3408-5-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-7-0x00007FFDF7C3A000-0x00007FFDF7C3B000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3408-10-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-11-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-6-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-8-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-12-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-13-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-14-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-15-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-16-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-17-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-18-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-20-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-19-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-21-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-22-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-23-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-24-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-25-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-26-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-27-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-28-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-29-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-30-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-31-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-32-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-33-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-34-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-35-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-38-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-36-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-37-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-39-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-40-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-41-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-43-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-42-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-44-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-45-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-46-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-47-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-48-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-49-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-50-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-51-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-52-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-54-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-53-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-56-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-57-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-58-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-59-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-55-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-60-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-61-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-63-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-64-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-62-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download

    • memory/3408-65-0x0000000140000000-0x00000001400E2000-memory.dmp

      Filesize

      904KB

      Download