Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

b420e9dfe8...cd.dll

windows7-x64

1

b420e9dfe8...cd.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    19s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23/11/2022, 22:10 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll

  • Size

    44KB

  • MD5

    5a62a932c29e91bb17f1def447ecdb40

  • SHA1

    e24185ddb2e8c3d972b4a3b078b09bf3fdf31813

  • SHA256

    b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd

  • SHA512

    1e168833fa1d9d7360ae469a14c78dfc2c8ef44770f2a3c7d2f5d7c0a4f519b07fd5ac224b05717cbf37e7c12fb893f4842c2a6e777cf68ad060d7db27364610

  • SSDEEP

    768:L0XLCdYxDow6F6L3uH2yOvhUQpkavk+ag4zp6RTTogLa1lHqFH:L0X2dYxkG+H2ysUHzp6ZFLaHHi

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:804
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:952
      • C:\Windows\SysWOW64\Rundll32.exe
        C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll,DllUnregisterServer
        3⤵
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:1644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/804-54-0x000007FEFBC41000-0x000007FEFBC43000-memory.dmp

    Filesize

    8KB

    Download

  • memory/952-56-0x0000000075931000-0x0000000075933000-memory.dmp

    Filesize

    8KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.