Overview (overview): 10
Static (static): 3
run_exe/BI...s2.dll (windows7-x64): 3
run_exe/BI...s2.dll (windows10-2004-x64): 3
run_exe/BI...32.dll (windows7-x64): 3
run_exe/BI...32.dll (windows10-2004-x64): 3
run_exe/BI...LE.dll (windows7-x64): 1
run_exe/BI...LE.dll (windows10-2004-x64): 1
run_exe/by...te.exe (windows7-x64): 10
run_exe/by...te.exe (windows10-2004-x64): 10
run_exe/cjoc.dll (windows7-x64): 1
run_exe/cjoc.dll (windows10-2004-x64): 1
run_exe/djua.dll (windows7-x64): 1
run_exe/djua.dll (windows10-2004-x64): 1
run_exe/lua51.dll (windows7-x64): 1
run_exe/lua51.dll (windows10-2004-x64): 1
run_exe/so...ql.dll (windows10-2004-x64): 1
run_exe/sqlxmlx.dll (windows10-2004-x64): 1
Analysis
- max time kernel: 95s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/09/2024, 00:32
Static task: static1
Behavioral task: behavioral1; Sample: run_exe/BIN/Qt5QuickTemplates2.dll; Resource: win7-20240708-en
Behavioral task: behavioral2; Sample: run_exe/BIN/Qt5QuickTemplates2.dll; Resource: win10v2004-20240802-en
Behavioral task: behavioral3; Sample: run_exe/BIN/libeay32.dll; Resource: win7-20240903-en
Behavioral task: behavioral4; Sample: run_exe/BIN/libeay32.dll; Resource: win10v2004-20240802-en
Behavioral task: behavioral5; Sample: run_exe/BIN/qtANGLE.dll; Resource: win7-20240903-en
Behavioral task: behavioral6; Sample: run_exe/BIN/qtANGLE.dll; Resource: win10v2004-20240802-en
Behavioral task: behavioral7; Sample: run_exe/by_execute.exe; Resource: win7-20240903-en
Behavioral task: behavioral8; Sample: run_exe/by_execute.exe; Resource: win10v2004-20240802-en
Behavioral task: behavioral9; Sample: run_exe/cjoc.dll; Resource: win7-20240903-en
Behavioral task: behavioral10; Sample: run_exe/cjoc.dll; Resource: win10v2004-20240802-en
Behavioral task: behavioral11; Sample: run_exe/djua.dll; Resource: win7-20240903-en
Behavioral task: behavioral12; Sample: run_exe/djua.dll; Resource: win10v2004-20240802-en
Behavioral task: behavioral13; Sample: run_exe/lua51.dll; Resource: win7-20240704-en
Behavioral task: behavioral14; Sample: run_exe/lua51.dll; Resource: win10v2004-20240802-en
Behavioral task: behavioral15; Sample: run_exe/source/msdasql.dll; Resource: win10v2004-20240802-en
Behavioral task: behavioral16; Sample: run_exe/sqlxmlx.dll; Resource: win10v2004-20240802-en
General
- Target: run_exe/BIN/libeay32.dll
- Size: 2.1MB
- MD5: 9c8b228d392411aeec50905c2d80cf5d
- SHA1: 54a8d6ec44a8e11a3e232ad63b006b5c1394d6b2
- SHA256: 2c125702a00050b7175befb29e58749c8b63e33d51e6093ac04175c303084a83
- SHA512: b993b094174f5564ae4e0f3c333c61ad2d57857761c60273c0d0681845e457ffa7df8bcb61f0c8dcccd12ba702457c610f742879abd339780bc5de805ddc1f69
- SSDEEP: 49152:RGqv0LS1e33J+UMFMVDfC/QZG9WUQmCRD75AArD/0lTrWrTZ3BGTy:RGy0LS1oJ+UMFMVDfC/QZG9WUQxRD75l
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2192 wrote to memory of 4172 | 2192 | rundll32.exe | 82
  PID 2192 wrote to memory of 4172 | 2192 | rundll32.exe | 82
  PID 2192 wrote to memory of 4172 | 2192 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\run_exe\BIN\libeay32.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2192
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\run_exe\BIN\libeay32.dll,#1
    - System Location Discovery: System Language Discovery
    PID: 4172