Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

EAC拔苗�...58.chm

windows7-x64

1

EAC拔苗�...58.chm

windows10-2004-x64

1

attachment-22.js

windows7-x64

3

attachment-22.js

windows10-2004-x64

3

attachment-23.html

windows7-x64

3

attachment-23.html

windows10-2004-x64

3

EAC拔苗�...ac.exe

windows7-x64

1

EAC拔苗�...ac.exe

windows10-2004-x64

3

EAC拔苗�...me.exe

windows7-x64

7

EAC拔苗�...me.exe

windows10-2004-x64

7

EAC拔苗�...nc.exe

windows7-x64

7

EAC拔苗�...nc.exe

windows10-2004-x64

7

EAC拔苗�...et.exe

windows7-x64

7

EAC拔苗�...et.exe

windows10-2004-x64

7

EAC拔苗�...P4.exe

windows7-x64

7

EAC拔苗�...P4.exe

windows10-2004-x64

7

EAC拔苗�...c2.exe

windows7-x64

7

EAC拔苗�...c2.exe

windows10-2004-x64

7

EAC拔苗�...32.dll

windows7-x64

6

EAC拔苗�...32.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/09/2024, 06:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    EAC拔苗成长指引 v3.58/其它/外部接口aspi驱动/WNASPI32.dll

  • Size

    156KB

  • MD5

    a6d7ac2c5b1e807b0feec08c44856044

  • SHA1

    7d49e6973ef5b42bb82d7923079b5e4e59d31dc6

  • SHA256

    67cef80e4f8c0be01391d57a9042179093e335d77246d31b8ad9f2db9a7e2912

  • SHA512

    2d073c4cd4b4e0d96bbc3f6cd71cf0dae84384b1fd5a1c3602293590272e7cde6de87930ddfaa3359ba52fed68a7f6957039bb04004a17086bdfa078e37973c2

  • SSDEEP

    3072:o4vMB3X9rtx4jZVmdWrrW8X99L+TTvUAl1GmvBsjgrC/oRCT8/R:TS3XJ4jZVk8X99L4t1G4r4+

Score
6/10
bootkitdiscoverypersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EAC拔苗成长指引 v3.58\其它\外部接口aspi驱动\WNASPI32.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4488
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\EAC拔苗成长指引 v3.58\其它\外部接口aspi驱动\WNASPI32.dll",#1
      2⤵
      • Writes to the Master Boot Record (MBR)
      • System Location Discovery: System Language Discovery
      PID:2992

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads