Analysis
max time kernel: 31s
max time network: 33s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 12/03/2023, 04:28
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Variant.Tedy.173902.18328.10251.dll
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Variant.Tedy.173902.18328.10251.dll
  Resource: win10v2004-20230221-en
General
Target: SecuriteInfo.com.Variant.Tedy.173902.18328.10251.dll
Size: 586KB
MD5: b2f6fe4b2c5e5e92b08ffa5e7319e62a
SHA1: adbc51e01e55972cf34e8ca86a8be701ef2c2d85
SHA256: f23faf36ea96a4e9a4b18260cebc05f841d8664cf0fdb628105068a53303706d
SHA512: 71cddc688a77f8e4f445e1856c4d23b3e5b35d8e36cf52c2f306f86b9abf7b7b4dc0d8b647a7f41b7f55897d67ea8707fe8c428cad415688681f4ad030497830
SSDEEP: 12288:y4xGy0XR7LcnOYjUBAxn7pz7EFmMNvD0Kx48vzzHpVB82z3Hbqaiws3wJOWH5Aok:yz6bGP3HbqaitAJOWH2
Malware Config
Signatures
Registers COM server for autorun (1 TTP, 11 IoCs)
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 | regsvr32.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 | regsvr32.exe
Modifies registry class (64 IoCs)