2ce267bc9f667c070be13be256344023b02850182cdb1e91b074464aafd78a9f

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

iUnlock GS...I2.dll

windows7-x64

iUnlock GS...I2.dll

windows10-2004-x64

iUnlock GS...ce.dll

windows7-x64

iUnlock GS...ce.dll

windows10-2004-x64

iUnlock GS...UI.dll

windows7-x64

iUnlock GS...UI.dll

windows10-2004-x64

iUnlock GS...UI.dll

windows7-x64

iUnlock GS...UI.dll

windows10-2004-x64

iUnlock GS...on.dll

windows7-x64

iUnlock GS...on.dll

windows10-2004-x64

iUnlock GS...ns.dll

windows7-x64

iUnlock GS...ns.dll

windows10-2004-x64

iUnlock GS...on.dll

windows7-x64

iUnlock GS...on.dll

windows10-2004-x64

iUnlock GS...et.dll

windows7-x64

iUnlock GS...et.dll

windows10-2004-x64

iUnlock GS...ce.dll

windows7-x64

iUnlock GS...ce.dll

windows10-2004-x64

iUnlock GS...sk.exe

windows7-x64

iUnlock GS...sk.exe

windows10-2004-x64

iUnlock GS...09.dll

windows7-x64

iUnlock GS...09.dll

windows10-2004-x64

iUnlock GS...bK.dll

windows7-x64

iUnlock GS...bK.dll

windows10-2004-x64

iUnlock GS...r2.dll

windows7-x64

iUnlock GS...r2.dll

windows10-2004-x64

iUnlock GS...09.dll

windows7-x64

iUnlock GS...09.dll

windows10-2004-x64

iUnlock GS...86.dll

windows7-x64

iUnlock GS...86.dll

windows10-2004-x64

iUnlock GS...r2.dll

windows7-x64

iUnlock GS...r2.dll

windows10-2004-x64

Analysis

max time kernel
6s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 00:41

Sharing

Copy URL

Twitter E-mail

Static task

static1

agilenet

2 signatures

Behavioral task

behavioral1

Sample

iUnlock GSM Ramdisk/Guna.UI2.dll

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

iUnlock GSM Ramdisk/Guna.UI2.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

iUnlock GSM Ramdisk/MobileDevice.dll

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

iUnlock GSM Ramdisk/MobileDevice.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

iUnlock GSM Ramdisk/SaaUI.dll

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

iUnlock GSM Ramdisk/SaaUI.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

iUnlock GSM Ramdisk/Siticone.Desktop.UI.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

iUnlock GSM Ramdisk/Siticone.Desktop.UI.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

iUnlock GSM Ramdisk/SunnyUI.Common.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

iUnlock GSM Ramdisk/SunnyUI.Common.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

iUnlock GSM Ramdisk/System.ComponentModel.Annotations.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

iUnlock GSM Ramdisk/System.ComponentModel.Annotations.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

iUnlock GSM Ramdisk/System.Drawing.Common.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

iUnlock GSM Ramdisk/System.Drawing.Common.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

iUnlock GSM Ramdisk/TinyHome.Renci.SshNet.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

iUnlock GSM Ramdisk/TinyHome.Renci.SshNet.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

iUnlock GSM Ramdisk/iTunesMobileDevice.dll

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

iUnlock GSM Ramdisk/iTunesMobileDevice.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

iUnlock GSM Ramdisk/iUnlock GSM Ramdisk.exe

Resource

win7-20240220-en

agilenet

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral20

Sample

iUnlock GSM Ramdisk/iUnlock GSM Ramdisk.exe

Resource

win10v2004-20240704-en

agilenet

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral21

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/WdfCoInstaller01009.dll

Resource

win7-20240705-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/WdfCoInstaller01009.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/libusbK.dll

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/libusbK.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/winusbcoinstaller2.dll

Resource

win7-20240704-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/winusbcoinstaller2.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/WdfCoInstaller01009.dll

Resource

win7-20240704-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/WdfCoInstaller01009.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/libusbK_x86.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/libusbK_x86.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/winusbcoinstaller2.dll

Resource

win7-20240705-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral32

Sample

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/winusbcoinstaller2.dll

Resource

win10v2004-20240704-en

windows10-2004-x64

2 signatures

150 seconds

Report Analysis Logs

General

Target

iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/winusbcoinstaller2.dll
Size

979KB
MD5

246900ce6474718730ecd4f873234cf5
SHA1

0c84b56c82e4624824154d27926ded1c45f4b331
SHA256

981a17effddbc20377512ddaec9f22c2b7067e17a3e2a8ccf82bb7bb7b2420b6
SHA512

6a9e305bfbfb57d8f8fd16edabef9291a8a97e4b9c2ae90622f6c056e518a0a731fbb3e33a2591d87c8e4293d0f983ec515e6a241792962257b82401a8811d5c
SSDEEP

24576:aAEBXzGJ7fW6hHv62VYeL7WCE3wixdLZWQzMjp:uBXQz/hPzxRwPdcO

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 2524	1072	rundll32.exe	29
PID 1072 wrote to memory of 2524	1072	rundll32.exe	29
PID 1072 wrote to memory of 2524	1072	rundll32.exe	29

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\iUnlock GSM Ramdisk\lib\.GASTER\.AppleMobileDeviceDFUMode\amd64\winusbcoinstaller2.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1072 -s 152
  2⤵
  PID:2524

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads