Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
139s -
max time network
140s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
03/10/2024, 19:16
General
-
Target
$_5_.dll
-
Size
736KB
-
MD5
ce7f66ea290d710a5971e9d56ca774cc
-
SHA1
89fd53cddeadeef8434baf815378313d0a626969
-
SHA256
d53b7c1fdd8fab8aec1556692ba0cb41b4812d0f5fc6d45b4028d487c3b4a3aa
-
SHA512
5cfb58981ede4ce97c2f353a4bb55900b01ad84ce26b470f98719e3141a98b486bc6a03e6cc86ac32f98c232bf8263e23840f455835b5242167a6c9d1aece9dc
-
SSDEEP
12288:L/dYsPEG5wChJOaIm11fp0Z6bJJ+yTX4aa5t5Y7/fBDbgrqmt6l0/Z9zRZzRf+Up:pYP9ChAa311x46bJVbJut+lDcrl7ZbZr
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Installs/modifies Browser Helper Object 2 TTPs 2 IoCs
BHOs are DLL modules which act as plugins for Internet Explorer.
-
Maps connected drives based on registry 3 TTPs 3 IoCs
Disk information is often read in order to detect sandboxing environments.
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 27 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\$_5_.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\$_5_.dll2⤵
- Adds Run key to start application
- Installs/modifies Browser Helper Object
- Maps connected drives based on registry
- System Location Discovery: System Language Discovery
- Modifies registry class
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3036 CREDAT:275457 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Browser Extensions
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5914f6f60d53a7f949182238880252fde
SHA148d0c3f153948dacd45b696db482a2beefb4cdd9
SHA256fc31ad6053aab25cd9053801a023adda7dc107d9671a01166f32d10e1d62f426
SHA51256ede2e1576e02d1466b1303f22c33214767f7ff787d6782b4baaad37acd907b79ae365403b41cfecdb524effffa49e88032e7a1c017268515404449bb2b8812
-
Filesize
342B
MD51b61ac32b8ee32feb2cae071e7859ca8
SHA1834652a6d9017555e5b008e985017b6812a467f8
SHA25686fdf41c77f90e9a1561ccb9df7661ec715f5551c0d26a63ea8d0bdc0126478b
SHA5129323a84ac16c4990adbcd11eebf73fac461b3bd04c1fcc21fd3803c46fc38fb6ca523fe2a661aedad544625c9b4ec30d2c12707b10b0eb459a83c31bf51c0a1d
-
Filesize
342B
MD5583ed54239bc250f5cba4a38e76dc35c
SHA16a7fc75faf2717e70d1747d7f94c6bbc449e4a8a
SHA256e2bd25635faf8c200831a20cf63b884f5045ec6e663c7b0ec67405163d5f3f85
SHA512dfc3fdba24a98c4639e0b4aae5b5bb8a50a1cb2cb600ef4a880aab12299f2017ef411dacf6eb7b846dde3b0f467f870c49a853eb31113cf2428884b44778b476
-
Filesize
342B
MD5d3c92a21e7f87767d595b3df76314a14
SHA156dc1209a535ade8c34fe56e5da273a03854a3fa
SHA256afd10d3e60a51b4e188be36e7c18ac3f163e4e46b239a7f0fa4e582c8c19e363
SHA51253c0dfb9be27ee77d873bf301f5155db551097a661fcaca29a1245e77ba23018e28b1991a5b7785cb380858bcfa8c5275e24b4a5299a27f389eb072db10fb138
-
Filesize
342B
MD50025cbc204fcf474b3450485e82c7834
SHA1a373cdb69a67dca05d2c3d83476111787ef0684f
SHA256d0ea347c7bbfcadd2c2218293effd19444a23d69fb20efc220abeeefd3c7bfba
SHA512db493ec538d5b92bae62a2a64912616e38ea7b5731d90c6a39ba7ed548b9a957777f847bb69808ddcbc8f18edfb14176206877a128f89ca7ad98b53ef98ba894
-
Filesize
342B
MD5eed9586007f8d78b94396ee831c76357
SHA15435c7b04c149fdb711ececc744eaaadf44aa009
SHA256f27a1ef9960fbfc5910208709c2efa849a0e6d9c6719c53d27eb80e146d08f61
SHA512fcda0d3363bf5f7fd4e045f64a55b477a1c66a007be5733532c74b871be51117382b48a621b0bd2ff1a11b86440dffbd1570f0a270ccf1017958cd3c26c2398d
-
Filesize
342B
MD5ff030e78e4ead7eeef44ce58db7b325c
SHA1218182ad1618ba79b061105ae8c52d95b67c964e
SHA256945af2438f82c1fc8d11f35bd9f67fb60f06239918690e93c555d92dbda1678e
SHA512ed33e62c7936934cb8a0755a68f21fc6fd8d58a50ff1dd70110f2b7578c22e81608e88ec44db3e168735a7e7815faac4795f72ff0ade94afa6d07f52fb11b745
-
Filesize
342B
MD5eda2d87c2ef7c36ff87ee99472da45b5
SHA1e228dd2679524afe60946858e9f0359157038b88
SHA256111c770453c87c46498f988def53b812bbe816a185b80255a9fa9f1e0c8eb8c2
SHA512f77c4015fda722a9b7804886bcab4eb8bcdd0d374d6b6d7e0c2f2db0408e90fdbef013282f6ce9cf1c6d72a7a4b2aba3780c695aa901f1e3553d1cdf4f3eb933
-
Filesize
342B
MD55f63be4e2e5c9127a74db651923da866
SHA179206f3f24891a6e0aa858c67b6e3f701f2d7882
SHA256851143e47ad4ae37b4be763499090553fb954736f9c57b8383b5ef85b19cf59f
SHA5121f270e2a1140e5a4c1217f3ae79cf795a26b0baed5ab995a1abc4a73ad71eaa7cb1dd5c9ebb156d383980f12e8ff87fe0cfffbea7d47b4628c9d43bc07b70c40
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
8KB