Analysis
max time kernel: 42s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 01/12/2022, 21:38
Static task: static1
Behavioral task: behavioral1
Sample: 890ebcc73f6b737164627b260daa533e79cb282ff95c85b0f1219099a68f294d.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 890ebcc73f6b737164627b260daa533e79cb282ff95c85b0f1219099a68f294d.dll
Resource: win10v2004-20220812-en
General
Target: 890ebcc73f6b737164627b260daa533e79cb282ff95c85b0f1219099a68f294d.dll
Size: 588KB
MD5: 5500ae19f61840753f2178c02878940d
SHA1: c4e1552b7743a712d879b0f0745732ef72671e8f
SHA256: 890ebcc73f6b737164627b260daa533e79cb282ff95c85b0f1219099a68f294d
SHA512: 40ba2042bac4bbe784f1a79db015b07f41476f382a42b84610eaf8bc6272c5942944855a74c3fdf50d8398ca9510e9a35589a9d4eb0bf601b9f4cb82e8bfe3ed
SSDEEP: 768:K58e3r9YY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoE/V:BpY2IGM7IZ+nVETAzFs1foM
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 7 IoCs
description                         pid    Process        procid_target
PID 1184 wrote to memory of 1172    1184   regsvr32.exe   26
PID 1184 wrote to memory of 1172    1184   regsvr32.exe   26
PID 1184 wrote to memory of 1172    1184   regsvr32.exe   26
PID 1184 wrote to memory of 1172    1184   regsvr32.exe   26
PID 1184 wrote to memory of 1172    1184   regsvr32.exe   26
PID 1184 wrote to memory of 1172    1184   regsvr32.exe   26
PID 1184 wrote to memory of 1172    1184   regsvr32.exe   26
Processes
- C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\890ebcc73f6b737164627b260daa533e79cb282ff95c85b0f1219099a68f294d.dll
  PID: 1184
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\890ebcc73f6b737164627b260daa533e79cb282ff95c85b0f1219099a68f294d.dll
    PID: 1172