Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 40s
max time network: 48s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 06/11/2022, 04:02
Static task: static1
Behavioral task: behavioral1
  Sample: bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758.dll
  Resource: win10v2004-20220812-en
General
Target: bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758.dll
Size: 19KB
MD5: 1318055f8a37e8c1682e5bb9e4622ae6
SHA1: 2691e960a1f1cb60ff762ba315315d87f4193f43
SHA256: bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758
SHA512: 5ad7f9e760eae65ae764bd951f95eb401959f446e78bd5d59c17fad5843115b5a6f61d73370c22e651f0206b5c4cefdace6b2f5ebecd01bedfc34813c6375e5a
SSDEEP: 384:cWWTEcWjd55SolrDwjWU/mCNn49TkRBLoObb66Ij9TfnD:3Zros4WUdy9TOLeTr
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 1900 wrote to memory of 976    1900  regsvr32.exe  27
PID 1900 wrote to memory of 976    1900  regsvr32.exe  27
PID 1900 wrote to memory of 976    1900  regsvr32.exe  27
PID 1900 wrote to memory of 976    1900  regsvr32.exe  27
PID 1900 wrote to memory of 976    1900  regsvr32.exe  27
PID 1900 wrote to memory of 976    1900  regsvr32.exe  27
PID 1900 wrote to memory of 976    1900  regsvr32.exe  27
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758.dll
   PID: 1900
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe (child of PID 1900)
      Command line: /s C:\Users\Admin\AppData\Local\Temp\bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758.dll
      PID: 976