Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

3

Plugins/Si...in.dll

windows7-x64

1

Plugins/Si...in.dll

windows10-2004-x64

1

SilverBullet.exe

windows7-x64

1

SilverBullet.exe

windows10-2004-x64

6

amd64/Micr...00.dll

windows7-x64

1

amd64/Micr...00.dll

windows10-2004-x64

1

amd64/Micr...00.dll

windows7-x64

1

amd64/Micr...00.dll

windows10-2004-x64

1

bin/AngleSharp.dll

windows7-x64

1

bin/AngleSharp.dll

windows10-2004-x64

1

bin/BCrypt.Net.dll

windows7-x64

1

bin/BCrypt.Net.dll

windows10-2004-x64

1

bin/Bouncy...to.dll

windows7-x64

1

bin/Bouncy...to.dll

windows10-2004-x64

1

bin/Captch...re.dll

windows7-x64

1

bin/Captch...re.dll

windows10-2004-x64

1

bin/CaptchaSharp.dll

windows7-x64

1

bin/CaptchaSharp.dll

windows10-2004-x64

1

bin/Cloudf...Re.dll

windows7-x64

1

bin/Cloudf...Re.dll

windows10-2004-x64

1

bin/Common...or.dll

windows7-x64

1

bin/Common...or.dll

windows10-2004-x64

1

bin/ControlzEx.dll

windows7-x64

1

bin/ControlzEx.dll

windows10-2004-x64

1

bin/CryptSharp.dll

windows7-x64

1

bin/CryptSharp.dll

windows10-2004-x64

1

bin/EO.Base.dll

windows7-x64

1

bin/EO.Base.dll

windows10-2004-x64

1

bin/EO.Web...pf.dll

windows7-x64

1

bin/EO.Web...pf.dll

windows10-2004-x64

1

bin/EO.WebBrowser.dll

windows7-x64

1

bin/EO.WebBrowser.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11/06/2024, 15:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SilverBullet.exe

  • Size

    2.2MB

  • MD5

    0267076b75cdcfa7ea98aba0bf033aee

  • SHA1

    e168f887d26f0f752ef9e28ffc154b9afc1f1783

  • SHA256

    9f160d80765337c3609242b9d0bd4d16856e1d57a7c2ff55ce8b00b45e5bea81

  • SHA512

    18899a1b90a85ef2adbc71224d51ae51ea7e87662f71ff498734cf8a267aafd1c265bdb5a78b78437168f825ff28d894420ffdeb6af1653d150740b93d487122

  • SSDEEP

    24576:ySvh1TfFIH9gYRRcY+32oQRLwDQF4eaE2cZPeAgF7H2oQRLwDCTCnVHtLOgTqEjK:y0h/7DQB/FOLDQB2zOQB

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SilverBullet.exe
    "C:\Users\Admin\AppData\Local\Temp\SilverBullet.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=SilverBullet.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1760 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2764
        • C:\Windows\SysWOW64\msdt.exe
          -modal 327708 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDFCC83.tmp -ep NetworkDiagnosticsWeb
          4⤵
          • Suspicious use of FindShellTrayWindow
          PID:2840
  • C:\Windows\SysWOW64\sdiagnhost.exe
    C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
    1⤵
      PID:1924
    • C:\Windows\SysWOW64\sdiagnhost.exe
      C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
      1⤵
        PID:3008
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        1⤵
          PID:888

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061115.000\NetworkDiagnostics.0.debugreport.xml
          Filesize

          67KB

          MD5

          19d820f6f1838fe9ea78a4068f1ffa60

          SHA1

          ee457bc653b7700eb18871a9d4ca7f4180bae283

          SHA256

          a15649ca72f38d74b3cc326ae7c5f619e34e97e7a21dd0a6f4428603a5b3480f

          SHA512

          49d1bd0c2f9fc8b85fb91be67f49b6e73215c5c7e4688419a74f42010bdbdfd216a50eb898b08fe2db79868f413a06ab665a1a610103e91ca612d99461f710ec

          Download Submit

        • C:\Users\Admin\AppData\Local\ElevatedDiagnostics\460911090\2024061115.000\NetworkDiagnostics.1.debugreport.xml
          Filesize

          8KB

          MD5

          7bdffcd33b93582ffc3b8ac49d3afa6e

          SHA1

          03f0d51d27a3e6dfb7d46376d4bbae637f02e3ff

          SHA256

          29892687770579bc8723408cebf6181f8d3312d423a8111202ec7178c4169f79

          SHA512

          8195e2bbffbf94b79501ef75138adf55747a30da2f7e6c7c37289296792ef9bd57f396c7f25ccdfe0556519d37f9f3eedba8e0544e02c82b920a9474638a175b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\NDFCC83.tmp
          Filesize

          4KB

          MD5

          fa2ee21d984c975c3eeff7920509b341

          SHA1

          097772b6c55ce5cb15ca8b5cd018bcd24c4c34b4

          SHA256

          258e351e560c6fa57b9b6a8efa15ac84bbed05c9feb0e4f0746e475307d5762d

          SHA512

          5677be04e29356c8c96c97b82fa3dfd597ab843b6fd8384901bd7b97122fb76745fbcb01322da3d11455e7d38fd3e5768046a58a173104115ad2b5a976180fe2

          Download Submit

        • C:\Windows\TEMP\SDIAG_5da3ca8b-90a3-47b7-8799-23c30ff9257f\NetworkDiagnosticsTroubleshoot.ps1
          Filesize

          23KB

          MD5

          1d192ce36953dbb7dc7ee0d04c57ad8d

          SHA1

          7008e759cb47bf74a4ea4cd911de158ef00ace84

          SHA256

          935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

          SHA512

          e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

          Download Submit

        • C:\Windows\TEMP\SDIAG_5da3ca8b-90a3-47b7-8799-23c30ff9257f\StartDPSService.ps1
          Filesize

          567B

          MD5

          a660422059d953c6d681b53a6977100e

          SHA1

          0c95dd05514d062354c0eecc9ae8d437123305bb

          SHA256

          d19677234127c38a52aec23686775a8eb3f4e3a406f4a11804d97602d6c31813

          SHA512

          26f8cf9ac95ff649ecc2ed349bc6c7c3a04b188594d5c3289af8f2768ab59672bc95ffefcc83ed3ffa44edd0afeb16a4c2490e633a89fce7965843674d94b523

          Download Submit

        • C:\Windows\TEMP\SDIAG_5da3ca8b-90a3-47b7-8799-23c30ff9257f\UtilityFunctions.ps1
          Filesize

          52KB

          MD5

          2f7c3db0c268cf1cf506fe6e8aecb8a0

          SHA1

          fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

          SHA256

          886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

          SHA512

          322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

          Download Submit

        • C:\Windows\TEMP\SDIAG_5da3ca8b-90a3-47b7-8799-23c30ff9257f\UtilitySetConstants.ps1
          Filesize

          2KB

          MD5

          0c75ae5e75c3e181d13768909c8240ba

          SHA1

          288403fc4bedaacebccf4f74d3073f082ef70eb9

          SHA256

          de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

          SHA512

          8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

          Download Submit

        • C:\Windows\TEMP\SDIAG_5da3ca8b-90a3-47b7-8799-23c30ff9257f\en-US\LocalizationData.psd1
          Filesize

          5KB

          MD5

          dc9be0fdf9a4e01693cfb7d8a0d49054

          SHA1

          74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

          SHA256

          944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

          SHA512

          92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

          Download Submit

        • C:\Windows\Temp\SDIAG_5da3ca8b-90a3-47b7-8799-23c30ff9257f\DiagPackage.dll
          Filesize

          478KB

          MD5

          4dae3266ab0bdb38766836008bf2c408

          SHA1

          1748737e777752491b2a147b7e5360eda4276364

          SHA256

          d2ff079b3f9a577f22856d1be0217376f140fcf156e3adf27ebe6149c9fd225a

          SHA512

          91fb8abd1832d785cd5a20da42c5143cd87a8ef49196c06cfb57a7a8de607f39543e8a36be9207842a992769b1c3c55d557519e59063f1f263b499f01887b01b

          Download Submit

        • C:\Windows\Temp\SDIAG_5da3ca8b-90a3-47b7-8799-23c30ff9257f\en-US\DiagPackage.dll.mui
          Filesize

          13KB

          MD5

          1ccc67c44ae56a3b45cc256374e75ee1

          SHA1

          bbfc04c4b0220ae38fa3f3e2ea52b7370436ed1f

          SHA256

          030191d10ffb98cecd3f09ebdc606c768aaf566872f718303592fff06ba51367

          SHA512

          b67241f4ad582e50a32f0ecf53c11796aef9e5b125c4be02511e310b85bdfa3796579bbf3f0c8fe5f106a5591ec85e66d89e062b792ea38ca29cb3b03802f6c6

          Download Submit

        • C:\Windows\Temp\SDIAG_c5bca8ec-1110-4ec9-adb1-09a62bca06bf\DiagPackage.diagpkg
          Filesize

          152KB

          MD5

          c9fb87fa3460fae6d5d599236cfd77e2

          SHA1

          a5bf8241156e8a9d6f34d70d467a9b5055e087e7

          SHA256

          cde728c08a4e50a02fcff35c90ee2b3b33ab24c8b858f180b6a67bfa94def35f

          SHA512

          f4f0cb1b1c823dcd91f6cfe8d473c41343ebf7ed0e43690eecc290e37cee10c20a03612440f1169eef08cc8059aaa23580aa76dd86c1704c4569e8139f9781b3

          Download Submit

        • C:\Windows\Temp\SDIAG_c5bca8ec-1110-4ec9-adb1-09a62bca06bf\result\results.xsl
          Filesize

          47KB

          MD5

          310e1da2344ba6ca96666fb639840ea9

          SHA1

          e8694edf9ee68782aa1de05470b884cc1a0e1ded

          SHA256

          67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

          SHA512

          62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

          Download Submit

        • memory/2840-360-0x0000000000250000-0x0000000000251000-memory.dmp

          Filesize

          4KB

          Download