Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1c220cdc.dll

windows7-x64

1

1c220cdc.dll

windows10-2004-x64

1

run.bat

windows7-x64

10

run.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    112s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23/01/2023, 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c220cdc.dll

  • Size

    110KB

  • MD5

    0993776328ea1684833f09868032549c

  • SHA1

    ed7779094d6dce79be2252807e28c59aec8590b3

  • SHA256

    caaea7ec83956a823420a78dec430fddb5db65d9fa4bc6555659b9b0c05c817a

  • SHA512

    19f83a1718e3330e9fb0bbd61b6c21e569740d7cd22d3c2a600d9a717feaa663297d777e526dbc9c4d02beb6c3c5e12bd417058bf7995798a5c61350e5c35502

  • SSDEEP

    3072:0LJ0tYRDh8zCTFGMCcKh0ff87FhtHW43tNncyIEyNlO:0LGtkl8zCTFGM1QA07btHW4TcjTvO

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1c220cdc.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\1c220cdc.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1860
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe "C:\Users\Admin\AppData\Local\Temp\FCF6.tmp.bat"
        3⤵
          PID:1780
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1432
      • C:\Windows\system32\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\FCF6.tmp.bat" "
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1368
        • C:\Windows\system32\rundll32.exe
          rundll32.exe "C:\Users\Admin\AppData\Local\Temp\1c220cdc.dll",DllRegisterServer
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:744
          • C:\Windows\SysWOW64\rundll32.exe
            rundll32.exe "C:\Users\Admin\AppData\Local\Temp\1c220cdc.dll",DllRegisterServer
            4⤵
              PID:112

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\FCF6.tmp.bat
        Filesize

        106B

        MD5

        ff0d434d832974419893789cfbe870b2

        SHA1

        9571a6aa13b451e50f805effabc1c817941fc6ec

        SHA256

        b12285c8f760d7ba1acec9d167ed772653b808c34c85304946a95bc8cb7f94b2

        SHA512

        677085db803a375eb90bc1305c849f1c05317e60de0fbe18bef706850daf399ec78373dd11216005921474bb6a8cb4bc910f3596d67717cd49a46e3b79a66da0

        Download Submit

      • memory/1720-54-0x000007FEFC161000-0x000007FEFC163000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1780-59-0x0000000074B21000-0x0000000074B23000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1860-56-0x00000000762B1000-0x00000000762B3000-memory.dmp

        Filesize

        8KB

        Download