Analysis
max time kernel: 47s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 01/12/2022, 16:27
Static task: static1
Behavioral task: behavioral1
Sample: e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
Resource: win10v2004-20220812-en
General
Target: e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
Size: 588KB
MD5: c194c6c3f6d30a7c2ed60ab7ff82be62
SHA1: 98cfc68a23613cebe6eef9d2905a795d120d6388
SHA256: e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4
SHA512: 0ad786d90e1ee9689b2e8003c8acbae44e67c5525bf8ba604e38015713cf1d36f82d70e93fa7ddb5c4262276c4b061f1368bb9135707e41142e902348147a704
SSDEEP: 768:Xu8eQ64b2/XZNxAVIkSi2TkKPR2fJcw61UTzS4HMwXYRRGPZMoTiR5:HVb2/GGi2npX1UTzSIoXfoTm5
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1380 wrote to memory of 824 | 1380 | regsvr32.exe | 27
PID 1380 wrote to memory of 824 | 1380 | regsvr32.exe | 27
PID 1380 wrote to memory of 824 | 1380 | regsvr32.exe | 27
PID 1380 wrote to memory of 824 | 1380 | regsvr32.exe | 27
PID 1380 wrote to memory of 824 | 1380 | regsvr32.exe | 27
PID 1380 wrote to memory of 824 | 1380 | regsvr32.exe | 27
PID 1380 wrote to memory of 824 | 1380 | regsvr32.exe | 27
Processes
- C:\Windows\system32\regsvr32.exe (PID: 1380)
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe (PID: 824)
    Command line: /s C:\Users\Admin\AppData\Local\Temp\e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll