Analysis
max time kernel: 36s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 11/10/2022, 16:24
Behavioral task: behavioral1
Sample: dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26.exe
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26.exe
Resource: win10v2004-20220812-en
General
Target: dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26.exe
Size: 224KB
MD5: 2b76654e120996f5d6a7eca2ccaf4cd3
SHA1: 33cf25419948b244bc082f1cefd949dc2ac96ec2
SHA256: dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26
SHA512: 24b96e4e7026695ee62b2b92402cbfbb8d205888c195938bd1c16cc7f2c321b8ba66e2d389b124c2f5629c9e484f066f2b2cbce339e8ed6fd4c780054bd15a2f
SSDEEP: 3072:LJZ5h3uc6z/TBdSITmxrT7fsVwiMAQHp8EQreRpYlutDlemSLH4x:lZOtz2ITc6Yp8EQreQGB
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2020 wrote to memory of 912 | 2020 | regsvr32.exe | 28
PID 2020 wrote to memory of 912 | 2020 | regsvr32.exe | 28
PID 2020 wrote to memory of 912 | 2020 | regsvr32.exe | 28
PID 2020 wrote to memory of 912 | 2020 | regsvr32.exe | 28
PID 2020 wrote to memory of 912 | 2020 | regsvr32.exe | 28
PID 2020 wrote to memory of 912 | 2020 | regsvr32.exe | 28
PID 2020 wrote to memory of 912 | 2020 | regsvr32.exe | 28
Processes
C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26.exe
  PID: 2020
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26.exe
    PID: 912