Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

0904efe9f6...18.exe

windows7-x64

7

0904efe9f6...18.exe

windows10-2004-x64

7

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$TEMP/netddee.exe

windows7-x64

7

$TEMP/netddee.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$S...1_.exe

windows7-x64

7

$SYSDIR/$S...1_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$_5_.dll

windows7-x64

6

$SYSDIR/$_5_.dll

windows10-2004-x64

6

$TEMP/setup.exe

windows7-x64

7

$TEMP/setup.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2024, 05:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SYSDIR/$_5_.dll

  • Size

    877KB

  • MD5

    20a9c78acf901dd4328881cc067e336c

  • SHA1

    e39e2011c8504dbea9356a0dee4770ea30d95509

  • SHA256

    5dc895ed2436461a93e3faf2e89332ad78507608d8249c58b4c093e2d2d3b71e

  • SHA512

    7e8483e19bcd1b03099eb7290e4fe32d1b232162da3da67cf29142c33fead4f82e3e6c26094ccb0aadcb7949d8cbb07db5bd56df8e9069a6c67fa2a8c4d51b72

  • SSDEEP

    24576:DQJDHPGAzx8GwPiUYUUGQF6mHjdeiv9R7MKR6VuOZ7SmdfN:sJBwQF6mDEivP7xEuOZTfN

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$_5_.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$_5_.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2680
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2148 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2396

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b00f9ad0f9193763254306764debc59a

    SHA1

    5cb55057fddc8a97d33fdc2963c626b22b53a3c3

    SHA256

    0e0c0808049d554b6648d6bda3b83b726216666484c3f210ba5e01d5fde46ca0

    SHA512

    452c82677eedc9d513427f2a6aa3876cc01e7fc32ec5d9ea1dc8184a1d52e5ca67cd9b45892c2b7fd775f23c0b93a992730a7dda840ca7ef8ca170f9c21543f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    747b8890a6d47d9b79427521f571cb86

    SHA1

    ca2aad3843c1b2d74ebb17f4c4bb1e8610eda7c8

    SHA256

    e33311869d7b38e479891058ef20084ae4e842545940ed55e78e47faa2d91904

    SHA512

    91ab92d88909dd569708dd3b5c9189b77cb5b0dbeead56441670deba778f7797bbc7ffb3116c75f84ab843345e9d3dee4b6de588c67c4d4b2836b124d18fc473

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fed28937b60892a5b13f82dd7c33d527

    SHA1

    894dc865c09733ccd1cd52e328e68b25be761148

    SHA256

    c7adcb9ba87527ddfd36b114b69c4294ec58900ee0f2da0bc9c72ef7b1ee3dbf

    SHA512

    e01891ef16dddfc432fba9bc234380c174471568c9d8ec743f1fc5a3c88addb5a36449859f660ef1d9d6b9388189399f8401100b055d12055aca9a9b5dc98730

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee14f4f1c79cd7b3165b44956761f9c7

    SHA1

    96af31b8a672a5534a9ad653367753fa343e43e5

    SHA256

    d4df407e21af108a80c1a653fc4e96dbcd3b17d2fe106e6125a223383fb3ca91

    SHA512

    df945643a63f9879d9885069e2ea2130bc08e414617f2bec9eb25ed6dc91c8d7746a2c2ca846e1aeff377dc3c731e5b87b652935951bc726c1b40000e46ee628

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c4042f2eacde094ebc4863deb78fd9c

    SHA1

    fbeaeed2f30e6fafc6f2eadc813fdfa0fe504d35

    SHA256

    10de6b85ad166b98315652d6cb9164fc339af349b0c4db02c79d1cd2febee146

    SHA512

    28c1821b266069667c8821b96c2dd8d53aa800efe7890ce3687d27e25c5f72efd04f87f2524f959dcb7c639264fcb57ee887d1a5ee5d70e9f92c2126471f00cd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f66316e96bf82ebf2fed561ebb5d2e8

    SHA1

    01b0d58ed8eaf9b951fb115cb4bf69ff9cc82a2e

    SHA256

    6b325db088f67f5dfe195bdec51ee4838b0dfd5df0c985fff730947e6323957c

    SHA512

    539b319ade4d8cda7d60c77a08404bc2e6dc16824fe3efb75f4ad25c0e9bbd05193377b8d585598e8c7060e220b40fcb52172a9f1ce18c98f97e2c8c18e0a7a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c66132ba565512fa7017583c977b722

    SHA1

    671f14ec5fd4aa6ec627b379df3adf1a7cfa0ee5

    SHA256

    6d6e7ae6df914cad8a5dbdcbb69281805a41f1b5fe5a7e96d8eb0cf35640ee2b

    SHA512

    192eca5fd6277175f5854a54654203fdfdce51b999916c2e9468eec6ee28ffcfed9f8a02780e3fd6d596f483d8e3f97a308f2c54a9155873efb4e1daa3e74544

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a745d57b7357aac34c84b49d3da620fc

    SHA1

    2b42cd99041eda27cb3f3bb51758c4ece8889301

    SHA256

    a7333bcbcc2d361fdc947e70e7497d2e9fde0757f473d78aa53e3e896f7e2db0

    SHA512

    33ea53670f048c01c8b4492bff51cfec634a24f37ffde40f86a9b2a0a8a2f77ef0e6ef9f9e020b186cb1bd453959a2cb0499ced31e0b22d36983a0239adf1801

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7e7c4d8ff3ebdc307951511f7525a73

    SHA1

    c80efdf6e145a4065ca1498c0a287556b46cc536

    SHA256

    4c941bfdae3570ddc05790c22cbee35fe2dbf17bc643a4219ca7f0073fa0a7cc

    SHA512

    87c60af0db614a04606e329a889d5237ac846408dc78223f7616d730d6fe11c283462bb5094f5144fa43465592c4c5f7ce4c8e863b519cabed1f92469d99793b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabC590.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarC622.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2680-0-0x0000000000360000-0x0000000000362000-memory.dmp

    Filesize

    8KB

    Download