Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

c72666a1d3...b7.dll

windows7-x64

8

c72666a1d3...b7.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    139s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2022, 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c72666a1d3f15c7446da228e214500a44177fd0db7275be69e89291d72d090b7.dll

  • Size

    311KB

  • MD5

    64b3a74b344b34ff6fb8041a5b71b200

  • SHA1

    226df3e75485b73a9f23abab36af5226f205c972

  • SHA256

    c72666a1d3f15c7446da228e214500a44177fd0db7275be69e89291d72d090b7

  • SHA512

    c479cd205b7a0cfa91f9242c163a03fda0bd81635ebfcd1b1072f04713fc36db2cba413ff84e5b6c2e3cec6e3745ada2258fb3f3564b7f50e6df3579c2a8963c

  • SSDEEP

    6144:yCnUHYupMgts5/Few368XEZLRW6uPB0Rz+HC9PDwNaDM0eYn:y0UhU4jWVBoz+HC9bLo0eYn

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 50 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c72666a1d3f15c7446da228e214500a44177fd0db7275be69e89291d72d090b7.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3552
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\c72666a1d3f15c7446da228e214500a44177fd0db7275be69e89291d72d090b7.dll
      2⤵
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4528
      • C:\Windows\SysWOW64\regsvr32mgr.exe
        C:\Windows\SysWOW64\regsvr32mgr.exe
        3⤵
        • Executes dropped EXE
        PID:3376
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 264
          4⤵
          • Program crash
          PID:4848
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3376 -ip 3376
    1⤵
      PID:508

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Windows\SysWOW64\regsvr32mgr.exe
      Filesize

      132KB

      MD5

      ebc35bf5774a4b75cd45638cecb74db3

      SHA1

      3a4858d3ab2074b6d2d5a999a7443c683af2417b

      SHA256

      52c970b575040b26c6c357f1aa64288544578a229b9be70acd0f860f55cca346

      SHA512

      365feb8dccdbf66ff9dd5e1aa08126b0c6da0cb1fe6cf7a986cbb6c66928f7c3282492c11946598652e18fa695f7ea7021cd3f5943a20650e9efe829a0891ca1

      Download Submit

    • C:\Windows\SysWOW64\regsvr32mgr.exe
      Filesize

      132KB

      MD5

      ebc35bf5774a4b75cd45638cecb74db3

      SHA1

      3a4858d3ab2074b6d2d5a999a7443c683af2417b

      SHA256

      52c970b575040b26c6c357f1aa64288544578a229b9be70acd0f860f55cca346

      SHA512

      365feb8dccdbf66ff9dd5e1aa08126b0c6da0cb1fe6cf7a986cbb6c66928f7c3282492c11946598652e18fa695f7ea7021cd3f5943a20650e9efe829a0891ca1

      Download Submit

    • memory/3376-137-0x0000000000400000-0x000000000045D000-memory.dmp

      Filesize

      372KB

      Download

    • memory/4528-134-0x00000000750D0000-0x0000000075122000-memory.dmp

      Filesize

      328KB

      Download