Analysis
max time kernel: 170s
max time network: 183s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/12/2022, 06:09
Static task: static1

Behavioral task: behavioral1
  Sample: 256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
  Resource: win10v2004-20221111-en
General
Target: 256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
Size: 588KB
MD5: 694e1aaf95998636f98392c303114b90
SHA1: 3ec74379035c9a55b277f989e35e928b25707954
SHA256: 256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d
SHA512: 8d3fd1a7692db50a492f6a7e0a6d7362877c311bacf1718a3c45cd72d8df5a0dfe54c4640571536066cc66824b93b68e63bf82a4f50a71053e9e93d1acc1916c
SSDEEP: 768:h58e3riYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMo2/V:U+Y2IGM7IZ+nVETAzFs1foC
Malware Config
(none extracted)

Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                        | pid  | Process      | procid_target
-----------------------------------|------|--------------|--------------
PID 1580 wrote to memory of 1704   | 1580 | regsvr32.exe | 83
PID 1580 wrote to memory of 1704   | 1580 | regsvr32.exe | 83
PID 1580 wrote to memory of 1704   | 1580 | regsvr32.exe | 83
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
   Signature: Suspicious use of WriteProcessMemory
   PID: 1580
   2. (child of 1580) C:\Windows\SysWOW64\regsvr32.exe
      Command line: /s C:\Users\Admin\AppData\Local\Temp\256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
      PID: 1704