Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0577b7e8c6...49.exe

windows7-x64

7

0577b7e8c6...49.exe

windows10-2004-x64

9

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

EpsilonFruit.exe

windows7-x64

10

EpsilonFruit.exe

windows10-2004-x64

10

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/...dex.js

windows7-x64

1

resources/...dex.js

windows10-2004-x64

1

resources/....2.bat

windows7-x64

7

resources/....2.bat

windows10-2004-x64

7

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

swiftshade...GL.dll

windows7-x64

1

swiftshade...GL.dll

windows10-2004-x64

1

swiftshade...v2.dll

windows7-x64

1

swiftshade...v2.dll

windows10-2004-x64

1

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...7z.dll

windows7-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 07:08 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    resources/app.asar.unpacked/node_modules/screenshot-desktop/lib/win32/screenCapture_1.3.2.bat

  • Size

    13KB

  • MD5

    da0f40d84d72ae3e9324ad9a040a2e58

  • SHA1

    4ca7f6f90fb67dce8470b67010aa19aa0fd6253f

  • SHA256

    818350a4fb4146072a25f0467c5c99571c854d58bec30330e7db343bceca008b

  • SHA512

    30b7d4921f39c2601d94a3e3bb0e3be79b4b7b505e52523d2562f2e2f32154d555a593df87a71cddb61b98403265f42e0d6705950b37a155dc1d64113c719fd9

  • SSDEEP

    384:4cr8sEcBeIXxqXhQsBxf5oBLBfXQM8ybCpGW1KTM+:4KEcRQBTxWlPZxWpG+Qx

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /nologo /r:"Microsoft.VisualBasic.dll" /win32manifest:"app.manifest" /out:"screenCapture_1.3.2.exe" "C:\Users\Admin\AppData\Local\Temp\RESOUR~1\APPASA~1.UNP\NODE_M~1\SCREEN~1\lib\win32\SCREEN~1.BAT"
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1F24.tmp" "c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC1A1FFD0C702C48ADBF8329ECC1935014.TMP"
        3⤵
          PID:3048
      • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
        screenCapture_1.3.2.exe
        2⤵
        • Executes dropped EXE
        PID:2748

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RES1F24.tmp
      Filesize

      1KB

      MD5

      2fd61f0ed9e8b05abf3d6d95f868add9

      SHA1

      64185f15e327c6a5a782a619462fd32e23bcdfb2

      SHA256

      020292f3d766f35a1265dc6f0be16eff98ae87354eec595220f3d26036c0a97d

      SHA512

      ddb818b1622118622d56172ba961e243c3cd0e08193f21115cb6988f849e9b2f35e7611a13d981075c1205c91266884de29e4b7b1b7624eecccc05a51de578f7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\screenCapture_1.3.2.exe
      Filesize

      12KB

      MD5

      024d0664203fcd3e8013352ed03b4020

      SHA1

      5bc83c1df1f6d5214cbe2ad0bf5bfcef89b2c7ab

      SHA256

      a3e302a8fa37df81d4c647124e51f43f1924c15758f5105ec31aa3c4a5aaf2b8

      SHA512

      bee9870e17803478530e62d952043611e3e4059f2774e9b8f169249fc835fb38a3c9eeb115f7242b091c04e3c7ee0d8475589dc70a7906d4b7654d9c5a0e77d5

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\screenshot-desktop\lib\win32\CSC1A1FFD0C702C48ADBF8329ECC1935014.TMP
      Filesize

      1KB

      MD5

      a6f2d21624678f54a2abed46e9f3ab17

      SHA1

      a2a6f07684c79719007d434cbd1cd2164565734a

      SHA256

      ab96911d094b6070cbfb48e07407371ddb41b86e36628b6a10cdb11478192344

      SHA512

      0b286df41c3887eecff5c38cbd6818078313b555ef001151b41ac11b80466b2f4f39da518ab9c51eeff35295cb39d52824de13e026c35270917d7274f764c676

      Download Submit

    • memory/2748-8-0x0000000000E40000-0x0000000000E4A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2748-9-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

      Filesize

      9.9MB

      Download

    • memory/2748-10-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

      Filesize

      9.9MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.