Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0577b7e8c6...49.exe

windows7-x64

9

0577b7e8c6...49.exe

windows10-2004-x64

10

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

EpsilonFruit.exe

windows7-x64

10

EpsilonFruit.exe

windows10-2004-x64

10

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...dex.js

windows7-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/....2.bat

windows7-x64

7

resources/....2.bat

windows10-2004-x64

7

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

swiftshade...GL.dll

windows7-x64

1

swiftshade...GL.dll

windows10-2004-x64

1

swiftshade...v2.dll

windows7-x64

1

swiftshade...v2.dll

windows10-2004-x64

1

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...7z.dll

windows7-x64

3

Analysis

  • max time kernel
    96s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 01:01 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat

  • Size

    13KB

  • MD5

    da0f40d84d72ae3e9324ad9a040a2e58

  • SHA1

    4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

  • SHA256

    818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

  • SHA512

    30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

  • SSDEEP

    384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:924
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6A95.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC985E709C301A45AEA17DA3FEE839D71C.TMP"
        3⤵
          PID:2696
      • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
        screenCapture_1.3.2.exe
        2⤵
        • Executes dropped EXE
        PID:2556

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RES6A95.tmp
      Filesize

      1KB

      MD5

      188b94aec16deb16423135e49ebcc879

      SHA1

      a427ae772f4722af0005850f06a382021902474c

      SHA256

      772f1e2aea27c7389918a49546b9e2a8aaf9a5ec6d9b141c4f0553ef5c72fefc

      SHA512

      c03f3b18fd65cc8db7d22f449c70136fd976fcd2531eeacdba17900aaca508232b856e9e828fd614b8f5f817be323af002258dccbdfd51b02010759fb4d1a6f3

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
      Filesize

      12KB

      MD5

      4b896c957d79dbc455734891a7bee6f3

      SHA1

      ac686beb9b701e9a960b6181841f7ae32104f71a

      SHA256

      2fab2a2cc6f6d9e27da0339466da1fb97f647209194dfe9c2c0cfc1c606b9fe7

      SHA512

      2506378799a4e09d77a2b56d9abc68b9e940f0f5a70e4b594aefef9793a346ccf8ec802361680f1af1b5dc8de06492ac651057c38e3f5d3b3265fd8468824525

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC985E709C301A45AEA17DA3FEE839D71C.TMP
      Filesize

      1KB

      MD5

      a6f2d21624678f54a2abed46e9f3ab17

      SHA1

      a2a6f07684c79719007d434cbd1cd2164565734a

      SHA256

      ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

      SHA512

      0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

      Download Submit

    • memory/2556-8-0x00000000000C0000-0x00000000000CA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2556-9-0x000007FEF5FD0000-0x000007FEF69BC000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2556-10-0x000007FEF5FD0000-0x000007FEF69BC000-memory.dmp

      Filesize

      9.9MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.