Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3lmms-1.2.2-win64.exe
windows7-x64
7lmms-1.2.2-win64.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3Qt5Core.dll
windows7-x64
1Qt5Core.dll
windows10-2004-x64
1Qt5Gui.dll
windows7-x64
1Qt5Gui.dll
windows10-2004-x64
1Qt5Widgets.dll
windows7-x64
1Qt5Widgets.dll
windows10-2004-x64
1Qt5Xml.dll
windows7-x64
1Qt5Xml.dll
windows10-2004-x64
1SDL.dll
windows7-x64
1SDL.dll
windows10-2004-x64
1Uninstall.exe
windows7-x64
7Uninstall.exe
windows10-2004-x64
7libFLAC-8.dll
windows7-x64
1libFLAC-8.dll
windows10-2004-x64
1libfftw3f-3.dll
windows7-x64
1libfftw3f-3.dll
windows10-2004-x64
1libfltk.dll
windows7-x64
1libfltk.dll
windows10-2004-x64
1libfluidsynth.dll
windows7-x64
1libfluidsynth.dll
windows10-2004-x64
1libgig-6.dll
windows7-x64
1libgig-6.dll
windows10-2004-x64
1Analysis
-
max time kernel
186s -
max time network
193s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
02/08/2024, 21:43
Static task
static1
Behavioral task
behavioral1
Sample
lmms-1.2.2-win64.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
lmms-1.2.2-win64.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
Qt5Core.dll
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
Qt5Core.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
Qt5Gui.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
Qt5Gui.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral15
Sample
Qt5Widgets.dll
Resource
win7-20240705-en
Behavioral task
behavioral16
Sample
Qt5Widgets.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral17
Sample
Qt5Xml.dll
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
Qt5Xml.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral19
Sample
SDL.dll
Resource
win7-20240704-en
Behavioral task
behavioral20
Sample
SDL.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral21
Sample
Uninstall.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
Uninstall.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral23
Sample
libFLAC-8.dll
Resource
win7-20240729-en
Behavioral task
behavioral24
Sample
libFLAC-8.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral25
Sample
libfftw3f-3.dll
Resource
win7-20240729-en
Behavioral task
behavioral26
Sample
libfftw3f-3.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral27
Sample
libfltk.dll
Resource
win7-20240705-en
Behavioral task
behavioral28
Sample
libfltk.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral29
Sample
libfluidsynth.dll
Resource
win7-20240708-en
Behavioral task
behavioral30
Sample
libfluidsynth.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral31
Sample
libgig-6.dll
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
libgig-6.dll
Resource
win10v2004-20240802-en
General
-
Target
$PLUGINSDIR/UserInfo.dll
-
Size
6KB
-
MD5
7f780de67db61a924bebc0cafaded3ad
-
SHA1
3ac359dce08ceff16e4214fe45d83fdc8e3f2e1a
-
SHA256
9931a2f8bb44b92ff26062b99cbb6e41ed1cfad65079dec5d6d9c006223bd121
-
SHA512
8378f04b6f5085e887ed46874414e5681f0ecb6889dbaa25eb78f75112d4be603aef8dec6a2a81857a19978f6ccf07d65d566ff3f0943da809de22599ffdd8f2
-
SSDEEP
48:6qX08pwehWTmk61T+8tH1GNO/icjsgnFp8hKAYKFaLDzzDz/xRe2v1e:GkwehWn6086+sgnchKAYKFafzf60
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2036 32 WerFault.exe 82 -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString WINWORD.EXE -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU WINWORD.EXE Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS WINWORD.EXE Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily WINWORD.EXE -
Suspicious behavior: AddClipboardFormatListener 2 IoCs
pid Process 4304 WINWORD.EXE 4304 WINWORD.EXE -
Suspicious use of SetWindowsHookEx 13 IoCs
pid Process 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE 4304 WINWORD.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4812 wrote to memory of 32 4812 rundll32.exe 82 PID 4812 wrote to memory of 32 4812 rundll32.exe 82 PID 4812 wrote to memory of 32 4812 rundll32.exe 82
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UserInfo.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4812 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UserInfo.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:32 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 32 -s 6243⤵
- Program crash
PID:2036
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 32 -ip 321⤵PID:1440
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RequestResize.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4304
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
263KB
MD5ff0e07eff1333cdf9fc2523d323dd654
SHA177a1ae0dd8dbc3fee65dd6266f31e2a564d088a4
SHA2563f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5
SHA512b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d
-
Filesize
308B
MD5dbc245ea24fb07bd83ac31b33bb5c39e
SHA1214268a2e21cb03bcf3427e3b7159e997ab5daa5
SHA256f4654867f6cdf6f866ed46cdf4924e35541c46767ddf8e1f07535cebb48e985b
SHA51219fe859d02a1ed1850c19ebc535b4f30594f10a0171cc2945179ecefa000f8f6e3ac3e4da091550d121bc9a470b4234ea05b98ef58ba33b1cd681dbfda61de11
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize1KB
MD5adb99eed07886d1313b86668dcbae0f9
SHA1374758e1f0a724379e0afdbe63bcfb7daa117350
SHA256df490d2d2826769823db0dc4f25bbe86485ae6e83446dfec6bca18da874c90a9
SHA5122fc8bc052a2817c1563145092bc181096f668f2337ac1674fbe00047e6eba2565ab5a20ea73ec2cf0820b85c177beabe0de8adb67d9fa660ddad3dfe1990543d
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize1KB
MD54e0bf34139b1b40fd97abddc1327771c
SHA161a8b1d0a8b3efca1665a22053f730b468375950
SHA2566901f843bc302d44dde136dd67df8695385be23cc4786cba989819157698d33a
SHA512cb7585e0b6e67be6a227e9667270551224a0c28878d6a71a756b9e9e7a4ed359a9101eae4451dcc2a861ddf43f77d29a5b67b1f12ba0ba69647c53005e8f4330