Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    30/08/2024, 15:00 UTC

General

  • Target

    BugTrapU-x64.dll

  • Size

    364KB

  • MD5

    80d5f32b3fc515402b9e1fe958dedf81

  • SHA1

    a80ffd7907e0de2ee4e13c592b888fe00551b7e0

  • SHA256

    0ab8481b44e7d2f0d57b444689aef75b61024487a5cf188c2fc6b8de919b040a

  • SHA512

    1589246cd480326ca22c2acb1129a3a90edf13b75031343061f0f4ed51580dfb890862162a65957be9026381bb24475fec6ddcb86692c5961a24b18461e5f1f0

  • SSDEEP

    6144:tv+VkJpn803Q9eg3rX9FudjTLNjGGtOCiKTBObg:tvfJp8aQ9eg3rX9Fudjx5Tk

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 14 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (21 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\BugTrapU-x64.dll,#1
    PID: 3732
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

  • DNS (remote address 8.8.8.8:53)
    Request: 13.227.111.52.in-addr.arpa IN PTR
    Response: (empty)
  • DNS (remote address 8.8.8.8:53)
    Request: self.events.data.microsoft.com IN A
    Response:
      self.events.data.microsoft.com IN CNAME self-events-data.trafficmanager.net
      self-events-data.trafficmanager.net IN CNAME onedscolprdwus06.westus.cloudapp.azure.com
      onedscolprdwus06.westus.cloudapp.azure.com IN A 20.189.173.7
  • 8.8.8.8:53, 13.227.111.52.in-addr.arpa, dns, 148 B / 352 B, 2 / 2
    DNS Request: 13.227.111.52.in-addr.arpa
    DNS Request: self.events.data.microsoft.com
    DNS Response: 20.189.173.7

MITRE ATT&CK Enterprise v15
