Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

4d74f3403a...8d.exe

windows7-x64

7

4d74f3403a...8d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    127s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/05/2024, 18:24 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe

  • Size

    4.8MB

  • MD5

    a27b6b33cc2cee1a61926854f1731caf

  • SHA1

    a66c561ae43684b5ecd75629a7f2cce0f2ae08c6

  • SHA256

    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d

  • SHA512

    3767625a6c49b37953c5d0bc4c564180caf868855c0f2e9f97d96cf4c08395ea437fe3e206fec7d9ee70f0fb531dcf04cc2226f1de30cf77d0452062783f4943

  • SSDEEP

    98304:seLpmrmc2lAu28lkcf5YjovKqGYiOE8oLj5YINfSyo8aXI:TcmZl85gyjovK65E8ob5Sx8aXI

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    "C:\Users\Admin\AppData\Local\Temp\4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    PID:912

Network

  • flag-us
    DNS
    zhushou.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    Remote address:
    8.8.8.8:53
    Request
    zhushou.ludashi.com
    IN A
    Response
    zhushou.ludashi.com
    IN A
    120.27.83.10
  • flag-us
    DNS
    s.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    Remote address:
    8.8.8.8:53
    Request
    s.ludashi.com
    IN A
    Response
    s.ludashi.com
    IN A
    106.15.136.209
  • flag-us
    DNS
    l.public.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    Remote address:
    8.8.8.8:53
    Request
    l.public.ludashi.com
    IN A
    Response
    l.public.ludashi.com
    IN A
    118.190.210.73
  • 120.27.83.10:80
    zhushou.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 106.15.136.209:80
    s.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 120.27.83.10:80
    zhushou.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 106.15.136.209:80
    s.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 118.190.210.73:80
    l.public.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 106.15.136.209:80
    s.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 106.15.136.209:80
    s.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 106.15.136.209:80
    s.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 106.15.136.209:80
    s.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 106.15.136.209:80
    s.ludashi.com
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    152 B
     3
  • 8.8.8.8:53
    zhushou.ludashi.com
    dns
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    65 B
     81 B
     1
    1

    DNS Request

    zhushou.ludashi.com

    DNS Response

    120.27.83.10

  • 8.8.8.8:53
    s.ludashi.com
    dns
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    59 B
     75 B
     1
    1

    DNS Request

    s.ludashi.com

    DNS Response

    106.15.136.209

  • 8.8.8.8:53
    l.public.ludashi.com
    dns
    4d74f3403a9801b5457d95f28547ea6ca16d9b39d23c75ee77045b84cb980d8d.exe
    66 B
     82 B
     1
    1

    DNS Request

    l.public.ludashi.com

    DNS Response

    118.190.210.73

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\LDSGameMaster\Store\360Base\360NetUL.dll
    Filesize

    234KB

    MD5

    cd03029957ebc78c0ca7a6c02a9ca846

    SHA1

    0044114b8073781479044f0294701be9611be2ac

    SHA256

    139fdd92e6ddf1aac0761a68502b374daa32e82039621018511dc491ed9b4048

    SHA512

    14c641cb9536def0ddc1969d50b97b83a23017c97373e3ad74d3fbf9825ac81f3fdf8169281c8ad4cebd45d9c9ae05f752d553ba4653e620889b274479cb7c32

    Download Submit

  • \Users\Admin\AppData\Local\LDSGameMaster\Store\360Base\Utils\LDSBasic.dll
    Filesize

    2.1MB

    MD5

    c35ab236702291f1a2d090af8ea253d9

    SHA1

    d7f58f0f5fee6b26564af3c5d7ab6defe5a4608d

    SHA256

    c4dba892a9a1fb675d06dd615c4fc079e9f4e12a8368e8bd18e37137ed567f35

    SHA512

    87a3fa1927ad2fad117055411a471be95275a4d4bf99ee3ab522faee70067b239bb77ddd94c4300958607efd4a3fc071df2262754557fca2530e70f2c438a068

    Download Submit

  • \Users\Admin\AppData\Local\Temp\{4BE3593F-36FD-47f9-8806-E62E4D817F97}.tmp\7z.dll
    Filesize

    1.1MB

    MD5

    a46135bdd574092d85955070e72d5aad

    SHA1

    aad137b0a883fea22b7118778512ffc7865513bc

    SHA256

    aa57160684feb240a85da677caaf7cf6a08b7349d89ae9cb4a3476884d80aac5

    SHA512

    72188f348d9ae33e2b5a7886c80667cc3015bfac170249537baa9e31abf8d63ca198903206feb64887f1d509a1b9bfc9f54ede8b3aa26bee3f5c4375e5c6a24b

    Download Submit

  • memory/912-34-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/912-35-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

    Filesize

    4KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.