Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

1775982923...18.exe

windows7-x64

7

1775982923...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

Lang/__init__.py

windows7-x64

3

Lang/__init__.py

windows10-2004-x64

3

Lang/__init__.pyc

windows7-x64

3

Lang/__init__.pyc

windows10-2004-x64

3

Lang/lang.py

windows7-x64

3

Lang/lang.py

windows10-2004-x64

3

Lang/lang.pyc

windows7-x64

3

Lang/lang.pyc

windows10-2004-x64

3

MSVCR71.dll

windows7-x64

3

MSVCR71.dll

windows10-2004-x64

3

MyTorrentD...er.exe

windows7-x64

1

MyTorrentD...er.exe

windows10-2004-x64

1

MyTorrentD...er.url

windows7-x64

6

MyTorrentD...er.url

windows10-2004-x64

3

Uninst.exe

windows7-x64

7

Uninst.exe

windows10-2004-x64

7

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

_controls_.dll

windows7-x64

1

_controls_.dll

windows10-2004-x64

1

_core_.dll

windows7-x64

1

_core_.dll

windows10-2004-x64

1

_gdi_.dll

windows7-x64

1

_gdi_.dll

windows10-2004-x64

1

_hashlib.dll

windows7-x64

1

_hashlib.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    27/06/2024, 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _controls_.dll

  • Size

    888KB

  • MD5

    1c962401ce16ea2c1688927b4b97ee26

  • SHA1

    679ee1d219e5d1585b7a015d50e97fb3764d9f28

  • SHA256

    e7b604fb6535b7e0f88e146e3167c4fb241da3575bd8dd8fa01b828ea580fd86

  • SHA512

    eeaf2b1fdea57d6ae89d14ce2b07787ac791dad3986230202f9996c165261ed690d54fed795a1e46af63b5e8e352e68ab5ca9d663d73c12018a06c37b1d6bce0

  • SSDEEP

    6144:X/VTMyE/JbLhZGyp9OqBroB5Zz6HQ0XUXdoHA6mTgxofz6F7e4OqVROhEjsCauet:1MZ/JLznOuc9DhSPIezW/Pfld

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\_controls_.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1876
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\_controls_.dll,#1
      2⤵
        PID:1460

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1460-0-0x0000000000890000-0x00000000009C0000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/1460-2-0x0000000000150000-0x00000000001A6000-memory.dmp

      Filesize

      344KB

      Download

    • memory/1460-4-0x00000000021E0000-0x00000000024EA000-memory.dmp

      Filesize

      3.0MB

      Download

    • memory/1460-5-0x0000000000250000-0x00000000002FC000-memory.dmp

      Filesize

      688KB

      Download