Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

2a97878c38...ba.dll

windows7-x64

3

2a97878c38...ba.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 08:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a97878c38498fafb9eb7dec8e9c350c579a5dc4f7300a308ff0827b75cc58ba.dll

  • Size

    1.2MB

  • MD5

    08a64c8354c1c8eaf23c3f91d4a997f8

  • SHA1

    2907f87669d8457d4b64bf82b77b7efc31026e07

  • SHA256

    2a97878c38498fafb9eb7dec8e9c350c579a5dc4f7300a308ff0827b75cc58ba

  • SHA512

    1119ad485f12c7218e7aec8f00368dc66e67ce915a1b71a7ab6607977e7e68a48f2f1a7140a5ed7503d06abed3fc8267774ab204eb34e0705fe8ec5d9fe55aaf

  • SSDEEP

    24576:gbcRnQcEjaTnvmMeQncd3ToOKi3th5Tq+uU77AQvSEKrRgw:/uMPI3MS3tfTdY9gw

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a97878c38498fafb9eb7dec8e9c350c579a5dc4f7300a308ff0827b75cc58ba.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2792
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a97878c38498fafb9eb7dec8e9c350c579a5dc4f7300a308ff0827b75cc58ba.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2856
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/+TcyFQQFcPIcwZGEx
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2916
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2916 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    496aa4fc83bd71a93b32611838dfa0ac

    SHA1

    b76eab8e434509e9591f657b70476a48835f4628

    SHA256

    8a7d079df98dd646fa5ae4e1e68437fce6d7cf66873fa78e1be2421bfd804f35

    SHA512

    3d3b64b8e0aa212c9c459b83221343be7837346886c6d5b0c85b98b3985ceb380b10df8e8de7715c325092057a0ca21f7f65df70b5df4331e8913b2ce729812e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5f7829093f49db6527d3f9f13872ad8

    SHA1

    f32674f676f100342cedbbabdc79c8b5133c987b

    SHA256

    c3f52c188fae981ed9230bd4939ea4d6c11d974762ff2d6051435af573157e52

    SHA512

    354a0139cf37ccd01d7d4d1286e01447ea5f066a70cc25a5e1ad16721f0777201c511eede71a772e9ed87d9e4e0dcc592a79ccaf5df41c97161ddb3f4cb9aa61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37df0c1f0dcf5b6001f0a5d478230767

    SHA1

    7e7b7d84144ebec0a7dd430aa66f72631507d4a1

    SHA256

    e3bd2146352dba60898df1a0363262e6db89751231a181c82ca88825cd0a1e07

    SHA512

    ef8e40ce46e825f42d7772ed5a453b1b86c7917c5d03a0400897f2062f852234f38878844bf2fa45d077f7ff93f402a48500cebf0e0a2e29c2472e5fd41437f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffc5a3e38cc27f154d6ad76677f57ff2

    SHA1

    3aa1673d49a10c747dd1154d6e625e46cc2cfeba

    SHA256

    98239ad2574205f38c8e500cf63c99137306014fbb33679afceabd0e77020aa6

    SHA512

    dd93523cf6a4126533004dd4b86df8b1b47b3324db2c85eca7c31b75f6f0bda310972f8e5009c7582961c8390669d8e12aab3dc936e8f711fe5bedee8c06ff2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    422aba67b597333a5237e90232fc6e52

    SHA1

    69767e3e18349e71dd8d28774f365850b71b5645

    SHA256

    3f07f3b0be8981cd8dd96060d15427e90f7600a5e82b44ea3e2650476dd90a27

    SHA512

    ff2a179dca40392d18308cdf701bd8372b254899f23346c0b427e340042e5d285efe228fff4a992d54e51a79e898323001653dd4d29938b5b337e611814f6cca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b73bca907b22fb325b7d879237828dd

    SHA1

    2983d026a65646d3b64ad31df6079591d9562ddf

    SHA256

    30e2ff90c723e1ebf5fc0be4e10fb5c95891ddc027cf8df97a34a452b2efb7e6

    SHA512

    b23ba2c6664fb2d5fc1ca179ee0aabd971029f0d2753c74ce156354a6925431920276e75a937856311bb1340ce8824b3f66fedc5242fbf3dbbf3072429d37ac3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c658afbf52c9fae8f927a9c1efe2fc9

    SHA1

    9290c5bde09afa4417cf37ecf110d6653c796c52

    SHA256

    2ccaf975f4c27ce8e6d5403d190dda0b3374397eec1a1d80b1652b65d4deb55b

    SHA512

    3e02713c70873d1f62f902aced0919fe8291875621360bbfc5b9bca1256a181cccdcf0eff8ac3b227f67d63e8c230b0b3f1a3be70cfa2465694f7e9a814d3d12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df920f8ad92c42cb559ae40d635b9da6

    SHA1

    dd71e0b53ef9cff44cbcac335a12e63cb9bfdb56

    SHA256

    9b3808a6b60bc6f5511aeeccc81f0dfb64c9a03441d6bec88cf00b9529c921f3

    SHA512

    87ecbff307b1cd21343c48b4911b5a792f3fb8a4f8d6cbb3c888d28ffcdf0b0b20888425c5d2cf15769fe17088645a0b2f92e2a474296290ef5e935b35156d4e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f716e5422e5e87a00b6f0af325c5e60a

    SHA1

    7852b0363dd7f630536f52a13f01cc738bb0ca24

    SHA256

    088a70e94d4d622c7855cbf1a8ad5b6f0a2f237e6a6b8ef8aa87fae1bcc2f283

    SHA512

    4f5331f7ada54532d5e13d59816b0be57a7b1f90f4b03d77f77ce7099a78038b4aec756035088e3c9ae095d17cb6cb5dc7ba7c56089ec6719e4ca5061683110c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    854b2c2753f2081091e9b78a023b29c1

    SHA1

    d23067ca51cbbb72201627710a04797a9d09b333

    SHA256

    4922c99219e53c36c61c9bc6daf2d60e39669c31a39517dcfc0b6ef0f9785077

    SHA512

    eb70858a195f6e4acaee6116e7af11707576beb4afa9ea050a5c12520ab5535761f86a6b45e86342cc5d2e54a51b4faf7eda21b42238a231347201b60f77ad45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1bda29c6936f4577aee7b05b0c5eb513

    SHA1

    19837f3e490d63366311219358d81d18710853c9

    SHA256

    3e51f0a9657d2fcb10f39d131a94974ec1a16f3621740c1e6f071c939c6d4c2e

    SHA512

    bc185db9152bb382dd3b1cbc12a0c4fc57c8b644c8e2ba5d6abdee5b3a14746512240853a201df50df0244e35e3422f68a85657e31da1e976b19c74a74b80ab0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3e2f615bd654aa4458b20e1afe49abd

    SHA1

    9654230151acecbfcb76712ca840c185640d862a

    SHA256

    86805ba48209e54fd6c9830becb44708a04fc5bce0b0ecdde3c51ae3093b491f

    SHA512

    afa066b4a8a4943fafc419cdbe79706f6476e8815fc200bcb6b2850c16b5dc9cabed17ae12e2e25c2c4488855a83f4f3cbc39f7c650057e37c9a60fc170fa9ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e61fc7262360ce9d801ed172b3f2178f

    SHA1

    3c769de0e97613281e1706b5eee6b61f08034600

    SHA256

    6dfc18888ab430a711ca4ab6b014c25d8238c00ff31248f0139f809ccd8f326e

    SHA512

    df5b47158eab4affaba13da44c74dea5b8ffa21399ee4565558d49339ddf8bb62a8e9b7f0a4820277ca5b1e68ce102001eb52c035972f93dcfc57691565988de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f497b8bcccfa424fca9cce3d354cb5c

    SHA1

    44d090b7e3d3617893057242e02f6415d91231e5

    SHA256

    cff2450dce3fb8706332e9a86af2855459fa193de52c1be4190970a03086b994

    SHA512

    efc60795f773c7d48962593ee5edb963f61715d3574ad4c25b0992a637c2e8d14a51f9e7681832178207ac6eeb4be7d8a809c592584abb4880740f3c3215f0cb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAE4B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAF39.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2856-2-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2856-0-0x0000000002010000-0x0000000002199000-memory.dmp

    Filesize

    1.5MB

    Download