Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

BetterShad....0.exe

windows7-x64

7

BetterShad....0.exe

windows10-2004-x64

7

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/app-64.7z

windows7-x64

3

$PLUGINSDIR/app-64.7z

windows10-2004-x64

3

BetterShaders.exe

windows10-2004-x64

7

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    27/05/2024, 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/app-64.7z

  • Size

    71.0MB

  • MD5

    f1b5f5e59b3dac8700621b9e32830c3a

  • SHA1

    9fa6965723442013a92bc383cfc56cc7e5f69950

  • SHA256

    ac23500ea97cc3b242d29e292f70c7a2eef4d21393dcd16646b4399880bc0412

  • SHA512

    cb8a3570220f8e573f864dab6f9f671948847bce258cdea49636b178e9657e6f485f3e5cc706b84dad81e7bc64089895ba5bbd7111635ac43a4019ca60b290da

  • SSDEEP

    1572864:aVg6PFyMnotsYEb/aSY+NPZS7oYpbswqeHHVBqXda6LpVAI6/:aVnZnwsYGaTe4lRqeH1BqXdt4I6/

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2732
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z
        3⤵
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2760
        • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
          "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app-64.7z"
          4⤵
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of SetWindowsHookEx
          PID:2356

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    5ab93e40bc2a886d9e7e6cf80656de19

    SHA1

    bc0a19af85729ae1e25ceff6157af814fcf22366

    SHA256

    80fc5e3544a340a2b951207e6cea301745980a2f57f944c0a075f2ef44eec0a0

    SHA512

    87336356d1d34d9612c74a14e19f051fbe41f1ff4a1ec7b9e74f5c0ceb3b7980730501f83c673cf3aee10ce55260ba231d6ecf227f90e72040836754002503c5

    Download Submit