Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

WinPcap_4_1_3.exe

windows7-x64

8

WinPcap_4_1_3.exe

windows10-2004-x64

8

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SYSDIR/Packet.dll

windows7-x64

3

$SYSDIR/Packet.dll

windows10-2004-x64

3

$SYSDIR/pthreadVC.dll

windows7-x64

3

$SYSDIR/pthreadVC.dll

windows10-2004-x64

3

$SYSDIR/wpcap.dll

windows7-x64

3

$SYSDIR/wpcap.dll

windows10-2004-x64

3

WinPcapInstall.dll

windows7-x64

3

WinPcapInstall.dll

windows10-2004-x64

3

rpcapd.exe

windows7-x64

1

rpcapd.exe

windows10-2004-x64

3

Resubmissions

22/10/2024, 17:10

241022-vp365axgrj 8

Analysis

  • max time kernel
    27s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/10/2024, 17:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinPcap_4_1_3.exe

  • Size

    893KB

  • MD5

    a11a2f0cfe6d0b4c50945989db6360cd

  • SHA1

    e2516fcd1573e70334c8f50bee5241cdfdf48a00

  • SHA256

    fc4623b113a1f603c0d9ad5f83130bd6de1c62b973be9892305132389c8588de

  • SHA512

    2652d84eb91ca7957b4fb3ff77313e5dae978960492669242df4f246296f1bedaa48c0d33ffb286b2859a1b86ef5460060b551edca597b4ec60ee08676877c70

  • SSDEEP

    24576:UBOldyR6ORWsaM2QROxa6jsqUENfJjNK/CG6niqiL:2KzqWsayROxa6QDENuaG+ifL

Score
8/10
discovery

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Loads dropped DLL 7 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 5 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Runs net.exe
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WinPcap_4_1_3.exe
    "C:\Users\Admin\AppData\Local\Temp\WinPcap_4_1_3.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2096
    • C:\Windows\SysWOW64\net.exe
      net start npf
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:996
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 start npf
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1148

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd758E.tmp\bootOptions.ini
    Filesize

    371B

    MD5

    a111274f680914c6c84b6d35c0614c71

    SHA1

    be84563fe9c0aa21a1228921341512dadf0abb73

    SHA256

    6e691b18d4826a899a3ef87e6e8ae72ef23ef81d4c09501d14655d119ffb857a

    SHA512

    cdaf2622065e4189d95e1d373d8aa1537f245e11e070052ecb0c5e7533dce4188ddda77618a6a689d0f784640df66bc7b741562fa94fbbf98e6f2c9222b9645f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd758E.tmp\bootOptions.ini
    Filesize

    362B

    MD5

    890d5b30f41e99b24f4711b95b4fdf7d

    SHA1

    babadb4149d347e103cab9cc5f9bf5edefec0bc5

    SHA256

    b2ddcd83820cf16deeffa51c21c04f5d66f92e3f51079d82f1a898e3f5177985

    SHA512

    5990c81c137c5d5aaacab2a546e9990d8538be4bdddab8be334108bdd2289eaa80477009da8018901e5502fe16bcf560454824eab318fa8a9a59b00be038e554

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd758E.tmp\ioSpecial.ini
    Filesize

    556B

    MD5

    e63ef3707b40c4b7ee521bc5713ca7c2

    SHA1

    4a9bb810bfb89573e166fd5503f941eb243af214

    SHA256

    c4602e1dc1214e53319a975b255a68299ef65082cacf868fcd4eb2183014761b

    SHA512

    90ab4f97b9183b7a965926f33c8449bb99add2c72ac79ddc76eb7928fce9613164f3242d41bfac8afd0d043a968d4d7ebd535b1e43a2d963fe6f203fc59389a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd758E.tmp\ioSpecial.ini
    Filesize

    578B

    MD5

    927fa3b7a6965b9dfccb2be7a3ef6da7

    SHA1

    250e9d6e06e147c1cdf8aa206ae7bc19b2314de9

    SHA256

    c64e5c24ae8b1af66713d7c1d569abcad556e0ca8eee5f4a69f202550a568a64

    SHA512

    68d6c1872948fb0f478e62674511acf8985c584ed98f31db1a28ac2f2c678c2d807647153fb7895256001c96b218b108125d801ad53e9c1f6fe0d6b931f3bb31

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd758E.tmp\ioSpecial.ini
    Filesize

    556B

    MD5

    1b032ca7938999fc74f0ab13872a392b

    SHA1

    e2beafb2cbf5d4824d93dc279eee0573648f484c

    SHA256

    d9a34cbcbcdde29417266333e40af86bd1e68dcceddeb64888c2cc4a9efaa1a3

    SHA512

    dbfb815e44e81be52fb052ae5e2cc5b14f3ab059b1a737645dc5c3318f4eee97e6120ca201fb7d0949fee94439ae2f1c7dadc6cf7cd5dc36d65b50e8cea7a849

    Download Submit

  • \Program Files (x86)\WinPcap\WinPcapInstall.dll
    Filesize

    91KB

    MD5

    e78291558cb803dfd091ad8fb56feecc

    SHA1

    4bde2f87e903fe8d3bd80179c5584cec7a8cbdc4

    SHA256

    d9f4cd9f0e1bc9a138fb4da6f83c92c3e86eb3de4f988d5943d75c9b1dc6bb9d

    SHA512

    042b96bc2c0e6d8b6e2730426938eb7400fd833be8a108a4942f559fedefabc35fd5dcb7ea1898d377b4382c0a9af8eeeebd663a4c852c706e3bd168c1f1f62f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd758E.tmp\ExecDos.dll
    Filesize

    5KB

    MD5

    a7cd6206240484c8436c66afb12bdfbf

    SHA1

    0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

    SHA256

    69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

    SHA512

    b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd758E.tmp\InstallOptions.dll
    Filesize

    14KB

    MD5

    325b008aec81e5aaa57096f05d4212b5

    SHA1

    27a2d89747a20305b6518438eff5b9f57f7df5c3

    SHA256

    c9cd5c9609e70005926ae5171726a4142ffbcccc771d307efcd195dafc1e6b4b

    SHA512

    18362b3aee529a27e85cc087627ecf6e2d21196d725f499c4a185cb3a380999f43ff1833a8ebec3f5ba1d3a113ef83185770e663854121f2d8b885790115afdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd758E.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsd758E.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    7579ade7ae1747a31960a228ce02e666

    SHA1

    8ec8571a296737e819dcf86353a43fcf8ec63351

    SHA256

    564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

    SHA512

    a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

    Download Submit

  • memory/2096-137-0x0000000002800000-0x0000000002816000-memory.dmp

    Filesize

    88KB

    Download