Analysis

max time kernel: 51s
max time network: 54s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
submitted: 30/09/2024, 00:32
Tasks

static1: static task
behavioral1: run_exe/BIN/Qt5QuickTemplates2.dll on win7-20240708-en
behavioral2: run_exe/BIN/Qt5QuickTemplates2.dll on win10v2004-20240802-en
behavioral3: run_exe/BIN/libeay32.dll on win7-20240903-en
behavioral4: run_exe/BIN/libeay32.dll on win10v2004-20240802-en
behavioral5: run_exe/BIN/qtANGLE.dll on win7-20240903-en
behavioral6: run_exe/BIN/qtANGLE.dll on win10v2004-20240802-en
behavioral7: run_exe/by_execute.exe on win7-20240903-en
behavioral8: run_exe/by_execute.exe on win10v2004-20240802-en
behavioral9: run_exe/cjoc.dll on win7-20240903-en
behavioral10: run_exe/cjoc.dll on win10v2004-20240802-en
behavioral11: run_exe/djua.dll on win7-20240903-en
behavioral12: run_exe/djua.dll on win10v2004-20240802-en
behavioral13: run_exe/lua51.dll on win7-20240704-en
behavioral14: run_exe/lua51.dll on win10v2004-20240802-en
behavioral15: run_exe/source/msdasql.dll on win10v2004-20240802-en
behavioral16: run_exe/sqlxmlx.dll on win10v2004-20240802-en
General

Target: run_exe/BIN/Qt5QuickTemplates2.dll
Size: 2.1MB
MD5: cfda5807a7446493f56accc25dd13b01
SHA1: ab3630fc5d506d3946a2224da743a386c8d41b21
SHA256: 6c6a4d1b7428704d9ab0ee38661aab7e5ee0c848907172168bd3d012a8fa89eb
SHA512: 7050f336b15dedf36e384a9142e6ba5639490cbd6a57e0eabdc5c1c58c6e2e6253705a18e1ffa5bdc84e908e96e623f33013fabde26087f38aa551033328b936
SSDEEP: 49152:FT5FZhsNkcShLPrucHq1t2luVUQ9NREvQIkrMDU5uv5MUv8g8M8P+C3YADThbIK0:FT5FZhsNkcShLPrucH2t2luVUQ9NREv/
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened; ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language; process: rundll32.exe

Suspicious use of AdjustPrivilegeToken (4 IoCs)
description: Token: 33; pid: 2076; process: AUDIODG.EXE
description: Token: SeIncBasePriorityPrivilege; pid: 2076; process: AUDIODG.EXE
description: Token: 33; pid: 2076; process: AUDIODG.EXE
description: Token: SeIncBasePriorityPrivilege; pid: 2076; process: AUDIODG.EXE

Suspicious use of WriteProcessMemory (7 IoCs)
description: PID 1756 wrote to memory of 2540; pid: 1756; process: rundll32.exe; procid_target: 29
(the same entry is recorded seven times)
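The three signature families above carry very different weight once the process tree is taken into account: the WriteProcessMemory target 2540 is the child that 1756 itself spawns (see Processes), the NLS\Language read is a textbook T1614.001 indicator, and the token adjustments come from AUDIODG.EXE rather than from the sample's rundll32 chain. The script below is an added example, not tria.ge code; it re-rates constructed event rows that mirror the IoC tables on this page (plus one hypothetical row to show the injection-shaped case). The process tree is copied from Processes; the rating thresholds, the `SENSITIVE_PRIVILEGES` set, and the reading of "Token: 33" as an unresolved privilege id are this example's assumptions.

```python
"""Re-rate the report's signature findings against the process tree.

Added example, not tria.ge code. Event rows are constructed from the IoC
tables on this page; the last row is hypothetical. Thresholds are assumed.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str
    parent: Optional[int]  # None for a tree root


# Process tree as shown under Processes on this report.
PROCESSES = {
    1756: Proc(1756, r"C:\Windows\system32\rundll32.exe", None),
    2540: Proc(2540, r"C:\Windows\SysWOW64\rundll32.exe", 1756),
    2752: Proc(2752, r"C:\Windows\explorer.exe", None),
    2076: Proc(2076, r"C:\Windows\system32\AUDIODG.EXE", None),
}

# Registry keys whose read maps to a discovery technique (assumed watch list;
# only the key this report hit is listed).
DISCOVERY_KEYS = {
    r"\REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\NLS\LANGUAGE":
        "T1614.001 System Language Discovery",
}

# Privileges whose enabling rates 'high' (assumed set, not the sandbox's).
SENSITIVE_PRIVILEGES = {
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
    "SeImpersonatePrivilege", "SeAssignPrimaryTokenPrivilege",
}


def normalize_key(path: str) -> str:
    """Upper-case and fold CurrentControlSet onto ControlSet001 so the
    symlinked and the resolved spelling of a key compare equal."""
    return path.upper().replace("\\CURRENTCONTROLSET\\", "\\CONTROLSET001\\")


def rate_key_open(pid: int, key: str):
    """(technique, note) when the key is on the watch list, else None."""
    tech = DISCOVERY_KEYS.get(normalize_key(key))
    if tech is None:
        return None
    return tech, f"{PROCESSES[pid].image} ({pid}) opened {key}"


def rate_token_adjust(pid: int, privilege: str):
    """'high' for SENSITIVE_PRIVILEGES, 'unknown' when only a number survived
    (assumed to be an unresolved privilege id, as in 'Token: 33'), else 'low'."""
    note = f"{PROCESSES[pid].image} ({pid}) enabled {privilege}"
    if privilege.isdigit():
        return "unknown", note
    if privilege in SENSITIVE_PRIVILEGES:
        return "high", note
    return "low", note


def rate_write_memory(src: int, dst: int):
    """A parent writing into the child it has just created is what every
    CreateProcess looks like through a WriteProcessMemory hook; a write into
    a process it did not spawn is the injection-shaped case."""
    s, d = PROCESSES[src], PROCESSES[dst]
    note = f"{s.image} ({src}) wrote to {d.image} ({dst})"
    return ("low" if d.parent == src else "high"), note


def triage(events) -> Counter:
    """Count identical findings so seven repeated WPM rows become one line
    with a count instead of seven alarms."""
    findings = Counter()
    for kind, *args in events:
        if kind == "key_open":
            hit = rate_key_open(*args)
            if hit:
                findings[hit] += 1
        elif kind == "token":
            findings[rate_token_adjust(*args)] += 1
        elif kind == "wpm":
            findings[rate_write_memory(*args)] += 1
        else:
            raise ValueError(f"unknown event kind {kind!r}")
    return findings


# Constructed from the IoC tables on this page; the last row is hypothetical.
SAMPLE_EVENTS = [
    ("key_open", 2540, r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("token", 2076, "33"),
    ("token", 2076, "SeIncBasePriorityPrivilege"),
    ("token", 2076, "33"),
    ("token", 2076, "SeIncBasePriorityPrivilege"),
    *([("wpm", 1756, 2540)] * 7),
    ("wpm", 1756, 2752),  # hypothetical: rundll32 writing into explorer.exe
]

if __name__ == "__main__":
    for (rating, note), n in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{rating:<40} x{n}  {note}")
```

The parent/child test is the whole point: without it, the seven identical rows read as seven injection attempts, when the tree shows one rundll32 starting another with the same command line.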
Processes

C:\Windows\system32\rundll32.exe (PID 1756)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\run_exe\BIN\Qt5QuickTemplates2.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  child: C:\Windows\SysWOW64\rundll32.exe (PID 2540)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\run_exe\BIN\Qt5QuickTemplates2.dll,#1
    signatures: System Location Discovery: System Language Discovery

C:\Windows\explorer.exe (PID 2752)
  command line: "C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE (PID 2076)
  command line: C:\Windows\system32\AUDIODG.EXE 0x454
  signatures: Suspicious use of AdjustPrivilegeToken
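The tree shows the 64-bit rundll32.exe from system32 (1756) starting the SysWOW64 copy (2540) with the same command line: that is the hand-off a 64-bit host performs when the DLL it was given is 32-bit, and it is the 32-bit child that actually loads the DLL and runs export ordinal #1. The script below is an added example, not tria.ge code. It reads the COFF machine field and DLL flag to predict which rundll32.exe will end up hosting a given image, and computes the same four digests listed under General so a local copy can be matched against the report before its findings are trusted. The two in-memory images are constructed minimal headers, not the sample; all function names are this example's own.

```python
"""Classify a PE header and predict the rundll32.exe that will host it.

Added example, not tria.ge code. The stubs below are constructed headers,
not the sample from this report.
"""
import hashlib
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000


def pe_info(data: bytes) -> dict:
    """Parse the DOS header pointer and the COFF file header. Raises
    ValueError for anything that is not a well-formed PE, which is what you
    want when the 'DLL' handed to rundll32 turns out to be something else."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _ts, _sym, _nsym, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": machine,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": nsect,
        "opt_header_size": opt_size,
    }


def rundll32_host(info: dict) -> str:
    """On 64-bit Windows the system32 rundll32.exe re-launches the SysWOW64
    copy of itself for a 32-bit DLL; the returned path is the process that
    will perform the LoadLibrary and call the export."""
    if not info["is_dll"]:
        raise ValueError("not a DLL: rundll32 would not load it")
    if info["machine"] == IMAGE_FILE_MACHINE_AMD64:
        return r"C:\Windows\system32\rundll32.exe"
    if info["machine"] == IMAGE_FILE_MACHINE_I386:
        return r"C:\Windows\SysWOW64\rundll32.exe"
    raise ValueError(f"unsupported machine 0x{info['machine']:04x}")


def digests(data: bytes) -> dict:
    """The four digests tria.ge lists under General, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def build_stub(machine: int, characteristics: int) -> bytes:
    """Constructed minimal image: DOS header, PE signature, COFF header and
    no sections. Enough for pe_info, not loadable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed test images (hypothetical, not the report's sample).
STUB_X86_DLL = build_stub(IMAGE_FILE_MACHINE_I386, IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL)
STUB_X64_DLL = build_stub(IMAGE_FILE_MACHINE_AMD64, IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL)
STUB_X86_EXE = build_stub(IMAGE_FILE_MACHINE_I386, IMAGE_FILE_EXECUTABLE_IMAGE)

if __name__ == "__main__":
    for name, blob in (("x86 dll", STUB_X86_DLL), ("x64 dll", STUB_X64_DLL)):
        info = pe_info(blob)
        print(f"{name}: host {rundll32_host(info)} sha256 {digests(blob)['sha256'][:16]}...")
```

Run against the real file, `digests` should reproduce the MD5/SHA1/SHA256/SHA512 under General, and `rundll32_host` should return the SysWOW64 path if the tree above is to be explained by the WOW64 hand-off rather than by something the DLL did itself.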