Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

VirusShare...bb.dll

windows7-x64

8

VirusShare...bb.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    10/06/2024, 04:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_1d819bde0690bc6ef62e6852acca5ebb.dll

  • Size

    246KB

  • MD5

    1d819bde0690bc6ef62e6852acca5ebb

  • SHA1

    5d7ff4871487b44ab7ac596203d8ae5b5a057a84

  • SHA256

    d39857c29515d6107936384d28783caac073a5d85a0f348bd26c7ab591c9655b

  • SHA512

    dfdfa6fa39be84ace484c854502d8cb69f2b0483e620814389d35c4325aaa43663d11f54cd1ed3cb012040e1b8726788dc2b364a83d5f1aa4f3b8474ff5e8347

  • SSDEEP

    3072:zE3YQ57PF9N7AojWe2OV+bJDSZEdA+4+/4ZsBkXqGyLh6tVdRfrnHcVCUanBXzQ+:+ADvOEbJDSiy+oZ+WXhfrn8unNzQri

Score
8/10
evasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1d819bde0690bc6ef62e6852acca5ebb.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1d819bde0690bc6ef62e6852acca5ebb.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3024
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:3060
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2088
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2792
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2580
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2580 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2476

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      874184811a05cb455747e97065a155ea

      SHA1

      608032603dc1850b06cf2b74bb035e9316a10f4c

      SHA256

      0ee47a035a86ee7349b26638c2e0ce155195f1c60e0f8cd75cd8841ce013c59b

      SHA512

      ee1a1c502787feacb721f037bb3e0610ee794c8cec527154d3544f79b2cdda01bbdf49828be93961528b08cd40122af5292dab577b66c0c6696a23046a126c89

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5e39d2d35fedc3bc7d3da676463c4621

      SHA1

      be4d747b788977b7e61e72c33cc42d73126daa43

      SHA256

      ec3aded323c0fdf2973f15c9bafea02d6ec08dc1828fd48013341173f08035e3

      SHA512

      83ee413a76f2fe0fcbab71e696fd11b35573f603d8edddfbeff3ae07191359c8afb5e62a6cf30dc647ec0124390f90960ab28aad3f5b4bae8adb7e268dc5e76a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      465bdd853bed5e8e7a65c36b9bb17b96

      SHA1

      61aabe0451835415536efa71c21c977eacfae300

      SHA256

      3976dea2a9fce3e30218f8dbed44194200d68acb7a3b8dbe5ca2f70427402067

      SHA512

      6abf541bb54200d03f0d78c496fea10f96c8dfff156d2749b49173850d684cdd5ae472487f3b866d8b9b68d6ae26aa3e5495b821ddc2fada238ee34e0ab39985

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0efaf8381e63919e5fd2cf9231b4d1c0

      SHA1

      ab52fd0988f056981a5723a794d3a1e0f9213ee0

      SHA256

      3aa22f99fd085de309999c34a7451393cfe374740b3cc8ce0cb9809b4b7ec33d

      SHA512

      a78804615a374ca03b842bbb5088c931158afa89a8aed330463e88b5b39a99c552567ef4ec570275902a001ec34b71a10def1e6e983f82ba8cfc41ece7e64220

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6ace13db399657e5e1c61ddfd14913be

      SHA1

      7478be7e384969733813c6966d74e2e34e975393

      SHA256

      a7c6dd88159c3413ec350e271725bec9779bc80c1e86d9fefec732e8a158e147

      SHA512

      e62d75f2b1916ad28aa09dde441ee21ef2b1cef6d6c2fdc2a3728457baea3108bd70adca1e771614f7bc08aefa9da3d10b67fee73cec28a92fccae9dbb04bf6f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d05c9d0d3a9d7cfb737ef508fbe2abc5

      SHA1

      fdc31a5c194f799dcb054c2159ca0b159256afe1

      SHA256

      47db54a32ceb8d100d6c7255a55b58a868a2c2b0d7ad59d30c4c887ee0a2b7dc

      SHA512

      c500176d7287fcdfe8cdb2dc3503780f58a01c74962bc778d46ec154d022316c3fcebee9d11bce28528e343138190d76217269a24db9c8ae19c57d33202b5d91

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dd56338281d93e588d2de270c18766d8

      SHA1

      788a07cb36a396cd484f8ddd3476721da8fe3d95

      SHA256

      36ecef4c705344877ee5c9d4b63d83a74a33b4a5c20ec242bc26bcc61b3f1eab

      SHA512

      ad242bf62fac9752ed1281bc712b43ac36a2842216fd29a8090fc5cd9611ae68b4a8f47af39e64059cc7ba1ae7ecddc749c00491e4cffea1a0080af52ac63b4b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1d1a931c8574d5adc01dc4c4aaea218e

      SHA1

      42316c0c3756e749a4601710964d6de5e7530fcd

      SHA256

      629201f3a763d834c44c030c3bd7893caba7defb0f894b1f00bae64a9da08045

      SHA512

      d79c6862eb59aedf1765124ea615f330083e614748e3340460011878384b79fba679dae2b40b87193eddc002313d2451718555973060d0fbd1794c5c5a55a775

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b8880cb11b1829888327634a23a5fba9

      SHA1

      41920b6dde167c7af46766787b4a2f8d0e4e6521

      SHA256

      c9c0a017cb884d4320e64ee7102565c0501996bee43e7bb2aa4c4602deeb3ee7

      SHA512

      5f5a3a00c019f51b0e0eedbf00cee8f7e0ea925946d7ea135b60b2819cd5166ce1b0378ffe4b9a7b9c6f966ab88eb211c508c5aed63aa20a244b8bb581d93219

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d6c174a4e6bdd4d33f47554659575678

      SHA1

      43b1b30b3b8e6e00e28f4fa1f59e523b5c0cdf39

      SHA256

      7740611c1d51ad70727b892d0debdf99c8a575ca45b0705a1b418c8477f78552

      SHA512

      264a710aab8edc94e745d5d38fbc8da8ba8db85261b60989bdf73af7180e439d583647ae503745230e40a2e514d7429e1380b03bcaaba5080de94a0946cd8510

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      26f46dd377bf6e4582d92efd88d9103e

      SHA1

      3960aa54638c5edf00c306183281ec2bafbf19ee

      SHA256

      cda64dd9fad92ca9cfeb15e60e55c952cb77f57ee3c210ffce650e74765fdb2f

      SHA512

      1156a1be7f01550735ce353005dfe219ce3b61da09fbc2e0950b1a3b7d53b4dca6735d252b2bef50e10274cc68eb9212a85fac9858af6712d30162e051c9507e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e327d41bd523b619c0e473bb45815749

      SHA1

      5afbc88c9968fd869de6eeebb00834cf18882a44

      SHA256

      fea224cbc0bea62fcaed9ade968275b6855c98e30b4be01108e4e007bb2d2d1c

      SHA512

      a3c3f323d59c10d027917491312d9bb927a30d58d2e5ca5fcb7c4595683e76fb9e4922a82fd8b194ae9b95a28d59fd2d654b68585b7c019bcdd08d48f600f413

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c26344552535f840940a45ca74a819ca

      SHA1

      291691eceaffa0e9ce03d6067cc2b9aee122a960

      SHA256

      65ddac4af0e49eaafabdca349ab2d8f6e6f85d97c59918cd8a387d0d42803965

      SHA512

      72946bc1c2407ed2d39d07098dc90d44645db50f6030c9668d2c7f13e58fab1928eed97bfc07edd05e425d25553ec397629e163269de4d3a5654d3b8475320cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bb7b143d17442b1d2f7dee27d3474830

      SHA1

      a3bd0b0c6b48ceac83ee0cab4f95b224eb2c330e

      SHA256

      c042ba3484e3e747bac2dc6d6cb840e8b3f6feeb5e3d6058a509d719fa00c0fa

      SHA512

      73a0994bda83afc3e52656708dfd2378a3f94e594cd2fa05b20bbace090e1c2b87a98511a95129fe6747c824591234f36685e6c522ea0780132c7cdf9e6b226f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5a9f25a934f1b76851fa5daece8ceb95

      SHA1

      31f73c71c1ce171a903c7dd6cc84462d9db7d007

      SHA256

      ae15d451ce2795b8101693c541bf2a1c9110021506b20c5bb1cceccb640d3f31

      SHA512

      7010359dcee07f45b8e8d73dd0dfa462087cf15c36f876ec1461c0e40119902b87aba67b6cb36961573225081f2feb6bcabef3798ac1cb02e12ba52b82b4ca9a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8c5d16bbb31013385c1e0df61aba3e16

      SHA1

      fb1c4d309bb89040ce59241fb73f803c324981c3

      SHA256

      cf3238daa8a19a4fe820680fd3e7397883859825dad6d7bb5b180ce8e88d5001

      SHA512

      9a883882429f9bd8ff15387c831d434aa32955da9563ef08d9e2ba0f6f945d6ec5314bbe54cfb06cacd35d24f3475ebf0da35e20f0c96a7b689648b9e8db486e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      02e9e424975d17561ae407b07893305c

      SHA1

      9a9ecf17b7675ff66e02d3f493a330b0fbe92fe3

      SHA256

      ab9053f4ccc474e220c44855130841736d51a35e20187370b25eb1a242daf2c0

      SHA512

      21539e9a6294c00559d8aa5ddd27bd5703283d64d65301725c8fae78b66cb731e67a645805a76ea953db454dd32fce5dff5a38a0341eca8d39514cf40f40016c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c14a6a18fcca7991e5666f55b8612b35

      SHA1

      e141c1e56dea3a18cd0339b42cd7407b5a516f77

      SHA256

      728cfdb2a7ee0756f12ed1e8e57051259dba0e54c6570573cbd9208de5f5e1b4

      SHA512

      71aeb059d09f79ed11218fb7a771bf39d0b1aa80fd58041997934f0487ad0296ca986b414aace668c30257095af0e896ce97e5e13363c32bcaa36c189976f60f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      effbecdf2cf213a4f8799177cf3f8d79

      SHA1

      7b9591ca30d7be4ad7fd54b1c40487c119b18096

      SHA256

      3e1ac09defd246b41eafe866c8c5c93e195abf7487daad5f7cf2a73f37ac36e5

      SHA512

      8fd5c543a37482fbc95179297624ecd3af8f5e850ab9395e81c972a5a966265e914f9de83ffaaee9586c7d7cdcd32fbbe9342fb565d73e7dbf459a1a3ba5b3de

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD970.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarDA52.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/2088-12-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2088-14-0x0000000000BE0000-0x0000000000C11000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2088-17-0x0000000000BE0000-0x0000000000C11000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2088-13-0x0000000000BE0000-0x0000000000C11000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2088-16-0x0000000000BE0000-0x0000000000C11000-memory.dmp

      Filesize

      196KB

      Download

    • memory/2088-15-0x0000000000210000-0x0000000000212000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2524-11-0x0000000003B10000-0x0000000003B20000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3024-5-0x00000000007B0000-0x00000000007E1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3024-1-0x0000000000230000-0x0000000000275000-memory.dmp

      Filesize

      276KB

      Download

    • memory/3024-2-0x00000000007B0000-0x00000000007E1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3024-3-0x00000000007B0000-0x00000000007E1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3024-9-0x00000000007B0000-0x00000000007E1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3024-7-0x00000000007B0000-0x00000000007E1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3024-0-0x00000000001B0000-0x00000000001E1000-memory.dmp

      Filesize

      196KB

      Download

    • memory/3024-19-0x00000000007B0000-0x00000000007E1000-memory.dmp

      Filesize

      196KB

      Download