Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

0oj3.exe

windows7-x64

1

0oj3.exe

windows10-2004-x64

10

interception.dll

windows7-x64

1

interception.dll

windows10-2004-x64

1

libcrypto-3-x64.dll

windows7-x64

1

libcrypto-3-x64.dll

windows10-2004-x64

1

netlimiter....0.exe

windows7-x64

7

netlimiter....0.exe

windows10-2004-x64

7

onnxruntime.dll

windows7-x64

1

onnxruntime.dll

windows10-2004-x64

1

opencv_world490.dll

windows7-x64

1

opencv_world490.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/12/2024, 21:50 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    netlimiter-5.3.18.0.exe

  • Size

    10.3MB

  • MD5

    77fe4dda11353dac7bab0a5b0ff751ad

  • SHA1

    a13bea60fa99cfc1e817b40b2b299d917e08266b

  • SHA256

    99ce75543755df63697610e00ce334564ce4d931d726ffb57d65a8a2679298de

  • SHA512

    82349624eb88036fd70539b2485b805242ae22f4c6c1bde3b72a8113d1cd1c47314c58d8358828e74b50a165fdae295c941d06cf7e834b704fb4251da76f71c3

  • SSDEEP

    196608:o5gk9KH9q0poBp26sb+WCgdMKQyo4Onak2LRJMloJvgFWAIe2y13NWZ:xeKdFmYtbDkdhakFUYFWAIe1HWZ

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\netlimiter-5.3.18.0.exe
    "C:\Users\Admin\AppData\Local\Temp\netlimiter-5.3.18.0.exe"
    1⤵
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4020
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Enumerates connected drives
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding E052F8A0FDA9CE8FAC3161E4E970BCD1 C
      2⤵
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:2096

Network

  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    72.32.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    72.32.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    226.20.18.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    226.20.18.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.66.101.151.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.66.101.151.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    209.205.72.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    209.205.72.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    212.20.149.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    212.20.149.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    171.39.242.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    171.39.242.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    196.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    196.190.18.2.in-addr.arpa
    IN PTR
    Response
    196.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-196deploystaticakamaitechnologiescom
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83deploystaticakamaitechnologiescom
  • flag-us
    DNS
    11.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    11.227.111.52.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    72.32.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    72.32.126.40.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    226.20.18.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    226.20.18.104.in-addr.arpa

  • 8.8.8.8:53
    133.66.101.151.in-addr.arpa
    dns
    73 B
     133 B
     1
    1

    DNS Request

    133.66.101.151.in-addr.arpa

  • 8.8.8.8:53
    209.205.72.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    209.205.72.20.in-addr.arpa

  • 8.8.8.8:53
    212.20.149.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    212.20.149.52.in-addr.arpa

  • 8.8.8.8:53
    171.39.242.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    171.39.242.20.in-addr.arpa

  • 8.8.8.8:53
    196.190.18.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    196.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
     133 B
     1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    11.227.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    11.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\PreparePrereqDlgProgress.gif
    Filesize

    24KB

    MD5

    f550f449baed1315c7965bd826c2510b

    SHA1

    772e6e82765dcfda319a68380981d77b83a3ab1b

    SHA256

    0ee7650c7faf97126ddbc7d21812e093af4f2317f3edcff16d2d6137d3c0544d

    SHA512

    7608140bc2d83f509a2afdaacd394d0aa5a6f7816e96c11f4218e815c3aaabf9fc95dd3b3a44b165334772ebdab7dfa585833850db09442743e56b8e505f6a09

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\applogoicon.bmp
    Filesize

    19KB

    MD5

    af7ad9a40809c0d00004383c656c3692

    SHA1

    898b75659e67e7e1dcc9e028ba92b9888ce53bac

    SHA256

    83bfdb826d2d753f31b12c1d0a62e36d96004dc32038ae85d9006ca578612b60

    SHA512

    b325313982285754cdfdc61b165d1968ddd0437a1c0bb46d35c04be03e3444a3d189baded903eb91806552d26c1544d0576d2f8ea754ea4776054cb237bfcad5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\backbutton
    Filesize

    404B

    MD5

    50e27244df2b1690728e8252088a253c

    SHA1

    b84ad02fd0ed3cb933ffbd123614a2495810442b

    SHA256

    71836c56ec4765d858dc756541123e44680f98da255faf1ece7b83d79809b1c3

    SHA512

    ba3d3535bfd2f17919e1a99e89fdb1c9a83507ff3c2846c62770e210a50aee1281445d510858d247cc9619861089aaf20f45b0b7c39f15c0ea039ac5498fa03e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\backgroundprepare
    Filesize

    134B

    MD5

    a0efb0e7b9cee25b09e09a1a64e96ba6

    SHA1

    0c1e18f6f5e6e5e6953e9fb99ca60fdec35d6e39

    SHA256

    f044f542bc46464054084c63596877f06c6e2c215c0e954c4ace9787ced82787

    SHA512

    7e53f9f564aaa529b3b15035671957c2923ec98ddee93758ea7a4c8645ee9058962078771b853e3490290fde1f57030dff5092d40d69418776ffee89f79c8a7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\browsebutton
    Filesize

    253B

    MD5

    9554be0be090a59013222261971430ad

    SHA1

    9e307b13b4480d0e18cfb1c667f7cfe6c62cc97c

    SHA256

    f4302ee2090bc7d7a27c4bc970af6eb61c050f14f0876541a8d2f32bc41b9bab

    SHA512

    ac316f784994da4fed7deb43fe785258223aba5f43cc5532f3e7b874adc0bc6dbcd8e95e631703606dfaa2c40be2e2bb6fa5bc0a6217efe657e74531654ea71c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\checkbox
    Filesize

    1KB

    MD5

    0b044ccde7aa9d86e02a94030d744ac2

    SHA1

    0594ebb3737536703907ba5672ccd351c6afb98a

    SHA256

    bce5b6de3a1c7af7ec14b6643da25f7c9e15bd5f1c4a38abfcddc70a5e93bdd3

    SHA512

    dbfba793722589f1a76dbc75c9a2f3646733e4a079a6b70003716a7f7b8fa1a6a2b234ec9132f5737e91d20d460db1e29826b2d7ac740f73136975f19e336cd8

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\frame_bottom_left.bmp
    Filesize

    66B

    MD5

    1fb3755fe9676fca35b8d3c6a8e80b45

    SHA1

    7c60375472c2757650afbe045c1c97059ca66884

    SHA256

    384ebd5800becadf3bd9014686e6cc09344f75ce426e966d788eb5473b28aa21

    SHA512

    dee9db50320a27de65581c20d9e6cf429921ebee9d4e1190c044cc6063d217ca89f5667dc0d93faf7dcc2d931fe4e85c025c6f71c1651cbd2d12a43f915932c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\frame_bottom_mid.bmp
    Filesize

    66B

    MD5

    71fa2730c42ae45c8b373053cc504731

    SHA1

    ef523fc56f6566fbc41c7d51d29943e6be976d5e

    SHA256

    205209facdebf400319dbcb1020f0545d7564b9415c47497528593e344795afd

    SHA512

    ea4415619720cc1d9fb1bb89a14903bfd1471b89f9c4847df4839084aae573d49b4969d3799ad30ff25b71f6e31f8d9f30701e1240d3cd6a063819c04873f21f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\frame_caption.bmp
    Filesize

    206B

    MD5

    8641f45594b8d413bf1da25ce59f1207

    SHA1

    afebb23f5a55d304d028ca9942526b3649cddb52

    SHA256

    0403ed31d75dcc182dd98f2b603da4c36b6325e9d159cac4371e1448244bb707

    SHA512

    86a5f959f8462f866466dc706d3ae627b1fb019b8a33ee7fe48e3b69f92bf33dc0f1417c0d5116552b25b488bcb5d9050a33773e6883ebe08410267d95b2353a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\frame_left.bmp
    Filesize

    66B

    MD5

    30384472ae83ff8a7336b987292d8349

    SHA1

    85d3e6cffe47f5a0a4e1a87ac9da729537783cd0

    SHA256

    f545ec56bc9b690a6b952471669a8316e18274d64e2ebc9e365fcf44363a125a

    SHA512

    7611f930a0a1089cc5004203ec128c916f0c2aedae3a6fcc2eaffa8cd004dcbf154714e401947921a06896ca77c77daec7f9bda82369aacd3bb666f8a0331963

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\frame_left_inactive.bmp
    Filesize

    66B

    MD5

    4b84f29fbce81aab5af97a311d0e51e2

    SHA1

    60723cf4b91c139661db5ecb0964deca1fc196ea

    SHA256

    c93be5a7c979c534274fc1a965d26c126efa5d58c14066b14937e5aba3b9eb55

    SHA512

    775eadccc44fddbd1e0d4231bc90d222f0a9749199e1963449ad20285ea92941a5685cdc12c0cd8c0ef0a21e10bdacaf139e5c69cd5e402cc110679323c23df1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\frame_top_left.bmp
    Filesize

    154B

    MD5

    1966f4308086a013b8837dddf88f67ad

    SHA1

    1b66c1b1ad519cad2a273e2e5b2cfd77b8e3a190

    SHA256

    17b5cd496d98db14e7c9757e38892883c7b378407e1f136889a9921abe040741

    SHA512

    ec50f92b77bca5117a9a262ba1951e37d6139b838099e1546ab2716c7bafb0fc542ce7f1993a19591c832384df01b722d87bb5a6a010091fc880de6e5cfa6c17

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\frame_top_mid.bmp
    Filesize

    66B

    MD5

    4e0ac65606b6aacd85e11c470ceb4e54

    SHA1

    3f321e3bbde641b7733b806b9ef262243fb8af3b

    SHA256

    1d59fe11b3f1951c104f279c1338fc307940268971d016ebe929a9998a5038ee

    SHA512

    7b28bcb4e76af3b863a7c3390b6cd3316c4631434e1d1e2df8d6e0eb9987a61a4f1a24de59567394e346d45e332403a0817ed0b0b64d7a624dbe48e30db9bb64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\metroinstallbutton
    Filesize

    520B

    MD5

    70db38d656afa3778dcf6173d390e61b

    SHA1

    8b8674d6d70d67943d313d2b74222daa4bd1691d

    SHA256

    3a0a5b69f9da7cae9fc631326ed8aa97abbaaecf2bf15d0a73169a29f3381e83

    SHA512

    8888ab493c7342f69b33279eaec4f99c41a906929d65503c48c7059d199fbab267ba9ad6ef6e57a7a56d2a321c01e46008f770afe67fa99ec7b7676ec2376c05

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\nextcancelbuttons
    Filesize

    404B

    MD5

    583580e2c651f5c230fb3235b7ca0e3b

    SHA1

    a9bd6aeef43a6f4c0c00d1ecd98a585d7eb0aaa3

    SHA256

    65172283ee04f2fa18d0e57b21471be2e68017d1f61816aaaa6be070b446346f

    SHA512

    6c61e6c06c883113a7a0efbd352120354c070f5c17d770b6b821c42cb9d9ca895992842b29b51bd3e569b0c95e93709dd7c1c2a26bcff0ad425079f5302670ce

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\sys_close_hot.png
    Filesize

    276B

    MD5

    17242d201d004bb34449aab0428d2df1

    SHA1

    77a332c6a6c4bfc47a2120203cfeabb8a2268a6b

    SHA256

    15405855866fa2b7c60afbc8ba720aae8f2ba7fb60bfa641dc9d10361e56f033

    SHA512

    605a97e2614c664417d53263be21c67b1504a46ee61b92b0a84ac18a7baab05eb56b72d4cf27372ae6c157928080ba16e24081e95458eb122ba18f3722c2d21f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\sys_close_normal.png
    Filesize

    225B

    MD5

    8ba33e929eb0c016036968b6f137c5fa

    SHA1

    b563d786bddd6f1c30924da25b71891696346e15

    SHA256

    bbcac1632131b21d40c80ff9e14156d36366d2e7bb05eed584e9d448497152d5

    SHA512

    ba3a70757bd0db308e689a56e2f359c4356c5a7dd9e2831f4162ea04381d4bbdbef6335d97a2c55f588c7172e1c2ebf7a3bd481d30871f05e61eea17246a958e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\AI_EXTUI_BIN_4020\sys_min_hot.png
    Filesize

    180B

    MD5

    1a883668b735248518bfc4eefd248113

    SHA1

    1112803a0558a1ad049d1cac6b8a9d626b582606

    SHA256

    bcbb601daa5a139419f3cd0f6084615574c41b837426ebff561b7846dfec038e

    SHA512

    d321878ed517544c815fd0236bdff6fcb6da5c5c3658338afba646f1d8f2e246c6c880d4f592ff574a18f9efdf160e5772bbf876fb207c8fd25c1f9dd9ddfd04

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIA74D.tmp
    Filesize

    557KB

    MD5

    db7612f0fd6408d664185cfc81bef0cb

    SHA1

    19a6334ec00365b4f4e57d387ed885b32aa7c9aa

    SHA256

    e9e426b679b3efb233f03c696e997e2da3402f16a321e954b54454317fceb240

    SHA512

    25e129cb22aaabc68c42ecf10bb650ac4d0609b12c08703c780572bac7ecf4559fcc49cd595c56ea48cf55260a984cfa333c08307ffb7c62268b03fbecc724b9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\MSIAB2B.tmp
    Filesize

    705KB

    MD5

    f7b1ddc86cd51e3391aa8bf4be48d994

    SHA1

    a0c0a4a77991d7f8df722acdd782310a6da2a904

    SHA256

    ac2df3283d65ab78ca399232fa090764636e0fec7ab53be28f6ee93733d8787f

    SHA512

    f853c3cf9ec175e946dd42f7f35d130f4fb941f64bbf5780ce452fe6e87459217b80872db375ad1bbafc47ad263408e4222d81f62c7df92c77e23e77e67e6fa6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\{5ADFA84B-DFB3-4823-9614-56E005DCE660}\5DCE660\netlimiter-5.3.18.0.x64.msi
    Filesize

    3.0MB

    MD5

    d1fb3421aed077f1f4ff61b84920dd49

    SHA1

    eac4154716d253277cac03c95265f59758cffffc

    SHA256

    615b6a83935b1825847cc89a6bb7274a3631a833659e17523cd95fb6b5c0e0a0

    SHA512

    4b9f9fc3b114789f78195b614af76cdeff03cbcbc2cdfe28f1d3dea3ebb07d3dcaa0c505c358788ff2653351cc99b7cf4eac1e32e9af459fccdc497d31462611

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.