Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

droidkit-de-setup.exe

windows10-2004-x64

5

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...Vs.dll

windows10-2004-x64

3

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

7

$PLUGINSDI...00.dll

windows10-2004-x64

1

$PLUGINSDI...00.dll

windows10-2004-x64

1

$PLUGINSDIR/nsDui.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$PLUGINSDI...ll.exe

windows10-2004-x64

5

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...el.dll

windows10-2004-x64

7

$PLUGINSDI...tn.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI..._1.dll

windows10-2004-x64

3

$PLUGINSDI..._1.dll

windows10-2004-x64

1

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...ry.dll

windows10-2004-x64

3

$PLUGINSDIR/un.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    51s
  • max time network
    51s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2024, 09:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/un.exe

  • Size

    7.4MB

  • MD5

    839640ba4c87b4a0fbd4d81fc54f8f51

  • SHA1

    0fdf3cf3685de715f8206400a232bf389ce319d6

  • SHA256

    58b8642b2665efde3974c18c2613b6e27dcf31fbb4b048339f93b2019c26d6df

  • SHA512

    14b97fd80c8b58422949b9d8db2660e93c6ee7c41873e8388cc9b62396e791f346346465527088a50a58d6d9a358e21a8652a0934149dd6ed3947841a7e59354

  • SSDEEP

    196608:SypQHMyhZz21iDr7Q8WjqvQ80j1FA9Epvk5MABT/4l8mBx88w:SypH+gADr70Wv6DA9G85nrc5lw

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\un.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\un.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3764

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
No results found
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    330 B
     5

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

    DNS Request

    8.8.8.8.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3764-0-0x000000007458E000-0x000000007458F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3764-1-0x0000000000240000-0x00000000009B4000-memory.dmp

    Filesize

    7.5MB

    Download

  • memory/3764-2-0x0000000074580000-0x0000000074D30000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/3764-4-0x0000000074580000-0x0000000074D30000-memory.dmp

    Filesize

    7.7MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.