Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

b622013c43...dd.exe

windows7-x64

7

b622013c43...dd.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...cs.exe

windows7-x64

1

$PLUGINSDI...cs.exe

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

ADManage.dll

windows7-x64

1

ADManage.dll

windows10-2004-x64

8

BugReporter.exe

windows7-x64

1

BugReporter.exe

windows10-2004-x64

1

InstAsm.exe

windows7-x64

1

InstAsm.exe

windows10-2004-x64

1

LiveInstHlp.dll

windows7-x64

3

LiveInstHlp.dll

windows10-2004-x64

3

OcxHelper.exe

windows7-x64

1

OcxHelper.exe

windows10-2004-x64

1

PinItem.vbs

windows7-x64

1

PinItem.vbs

windows10-2004-x64

1

QQLive.exe

windows7-x64

1

QQLive.exe

windows10-2004-x64

1

QQLiveBrowser.exe

windows7-x64

1

QQLiveBrowser.exe

windows10-2004-x64

1

QQLiveExternal.dll

windows7-x64

1

QQLiveExternal.dll

windows10-2004-x64

1

QQLiveService.exe

windows7-x64

1

QQLiveService.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/06/2024, 07:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd.exe

  • Size

    4.8MB

  • MD5

    a35512a9f32638b946315b98fbb2bae8

  • SHA1

    5e63dcf72a6a6ef62b6cc6a154019b4ce8931724

  • SHA256

    b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd

  • SHA512

    a3ebf1626de001c8bedc514ee9278484008ed43329be7087707b8ad525f2019ab4143cc5eaf35ab636cc5a573f26059206a48cd5565220b7a098f803c64b7cd7

  • SSDEEP

    98304:HbGOC/hCLjrg5bDuobo/ozBmz9+77Ez6d/dWH25TR+YEinJ5rJUgZX8Q97:HCO2hCLj4fo/oVk+szaVv+YEqJ5rJD8k

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd.exe
    "C:\Users\Admin\AppData\Local\Temp\b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd.exe"
    1⤵
    • Loads dropped DLL
    • Writes to the Master Boot Record (MBR)
    • Modifies registry class
    PID:2928
    • C:\Users\Admin\AppData\Local\Temp\nsw3DD6.tmp\Statistics.exe
      "C:\Users\Admin\AppData\Local\Temp\nsw3DD6.tmp\Statistics.exe" cmd=2567&ctype=1&itype=11&ver=9.16.1659.0&str1=0B393BACB36C90A2E170A40CE164EE21&str2=channel1&vid=explorer.exe&url=b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd.exe
      2⤵
        PID:2344

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsw3DD6.tmp\InstallHelper.dll
      Filesize

      312KB

      MD5

      e13a38e0bf5ec7e8a95b3d2debd170d6

      SHA1

      6ee4305ccd42970acad7f00bb9aafd0b4be246be

      SHA256

      00afe265d9bc6af1eee8853d64234ac8e2aa42ad1169a4e8bd39e9a1b75c1cfa

      SHA512

      bf0a638617a5aaf31cc790adf6c0dad37156d450b92c3a3480bcbb7e682633f7e8de30c4ca5732a6fd023112cdfa106ec920127a50e335473ad4d80a2de8947c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsw3DD6.tmp\ProcDll.dll
      Filesize

      1.4MB

      MD5

      782946212ed94c1e891f31592c65fffc

      SHA1

      c05d47da2f576da8c9d4b2d08e6eb7eb59567c02

      SHA256

      6320db35a424767ed778e27339d8bbeaea839beeb3612142a281111e431d004f

      SHA512

      b7006fbb4de0a98c616db0c999a0dc8bbc2749bc00fa4aa8b4790fa0c7de405c9efae4adfd887c4001bf14673d4b9b8ae04962ec97bc6c0190c48e89a6746553

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsw3DD6.tmp\Statistics.exe
      Filesize

      308KB

      MD5

      6b9d2f2e83954add7ec0afc8cb47e00f

      SHA1

      b78ccebb951984ec748ebbf79cba773f7b961e51

      SHA256

      bfcadb38828816781102a5b5096c9c3c06449e740af994a8c02da18b0c581eeb

      SHA512

      82c95e2e744d6445b060a4be93192bcf42138eae755ee754204300fbbad93632ddc4672ad1fd290eec3a623792280270d07f32704d06040260bc827decab8ea5

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsw3DD6.tmp\System.dll
      Filesize

      18KB

      MD5

      92fc9e50e8511609257cb59f633f13d6

      SHA1

      f95f0df12deb5dc4b281732d983bb2c103c17b56

      SHA256

      953ba87a30cbe067408e75bba9fe750c0e60270607aba1ec953bd730c337fe3b

      SHA512

      fe4a4d3e6ba6ae0bb2194f7667443dd5be591ef2e9b1f792d80d7ed3ad1685858dbb856548f01d5a73e80cd9cdb144f24f4d517f8f91b2eb376606c325041093

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\nsw3DD6.tmp\pic\shadow_active.png
      Filesize

      4KB

      MD5

      c3cddafea6c6fa8dd2f23f9a6e18dd98

      SHA1

      d50fca37045eaa24f87fe295b78b3269e12f7f67

      SHA256

      c1be0784d3a780ccaf5ddb89ec657cac39b14b37c617d843f9e666793e4d8b41

      SHA512

      c44c3d45eb6b59bac77e93e73ccf3b69edf1a51c07ad987d2a1ea6f4c0a3d4395325f905a2f4ff5906143be7b94ed8acf2c45afeffb39710f9d35edffdf5e1d8

      Download Submit

    • memory/2928-11-0x0000000003320000-0x000000000348B000-memory.dmp

      Filesize

      1.4MB

      Download