Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

New folder (10).rar

windows7-x64

3

New folder (10).rar

windows10-2004-x64

3

New folder...ic.exe

windows7-x64

3

New folder...ic.exe

windows10-2004-x64

3

New folder...lo.lua

windows7-x64

3

New folder...lo.lua

windows10-2004-x64

3

New folder...ec.lnk

windows7-x64

3

New folder...ec.lnk

windows10-2004-x64

3

New folder...ce.lnk

windows7-x64

3

New folder...ce.lnk

windows10-2004-x64

3

New folder...LL.dll

windows7-x64

9

New folder...LL.dll

windows10-2004-x64

9

New folder...ic.xml

windows7-x64

1

New folder...ic.xml

windows10-2004-x64

1

New folder...er.txt

windows7-x64

1

New folder...er.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    24/06/2024, 20:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New folder (10)/bin/ArticDLL.dll

  • Size

    9.2MB

  • MD5

    602aa90fe7c3d3dd958d041a28c01cf2

  • SHA1

    a2cbc3bde48d8d764917dde1b56146e4a7a51a1f

  • SHA256

    9f57c170461a90629a3a54149011ddffb321ba17ce6c5a2ad29dd3f953479499

  • SHA512

    c756b3576bd77e6bb4eaaa886a6292b6edb3861d7865aa9f17359e1b071b7adf74ab2ffaf8e66b8f15948ae18e744273b9c3c233c0569362774bf78ca4e554d9

  • SSDEEP

    196608:IDPZpEhP272r1ZULbBw+CjVrLqr/C0dnbX7Hv0vwJLt2IBFS2mSeIN:lhPZBGLbEF+r/Ck8v2LEIPp

Score
9/10
evasiontrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\New folder (10)\bin\ArticDLL.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\New folder (10)\bin\ArticDLL.dll",#1
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2060-0-0x0000000010000000-0x0000000011642000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/2060-1-0x0000000010000000-0x0000000011642000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/2060-2-0x0000000010000000-0x0000000011642000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/2060-4-0x0000000076FA0000-0x0000000076FA2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2060-3-0x0000000010000000-0x0000000011642000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/2060-5-0x0000000010000000-0x0000000011642000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/2060-6-0x0000000010000000-0x0000000011642000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/2060-7-0x0000000010000000-0x0000000011642000-memory.dmp

    Filesize

    22.3MB

    Download

  • memory/2060-8-0x0000000010000000-0x0000000011642000-memory.dmp

    Filesize

    22.3MB

    Download