Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
1UnparkCPU ...aR.rar
windows7-x64
3UnparkCPU ...aR.rar
windows10-2004-x64
3Suscribete...il.dll
windows7-x64
1Suscribete...il.dll
windows10-2004-x64
1Suscribete...er.dll
windows7-x64
1Suscribete...er.dll
windows10-2004-x64
1Suscribete...PU.exe
windows7-x64
1Suscribete...PU.exe
windows10-2004-x64
1Suscribete...st.exe
windows7-x64
3Suscribete...st.exe
windows10-2004-x64
3Suscribete...nifest
windows7-x64
3Suscribete...nifest
windows10-2004-x64
3Analysis
-
max time kernel
31s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
27/03/2023, 10:07
Static task
static1
Behavioral task
behavioral1
Sample
UnparkCPU - KuasaR.rar
Resource
win7-20230220-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
UnparkCPU - KuasaR.rar
Resource
win10v2004-20230220-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral3
Sample
Suscribete a KuasaR/Unpark CPU/Interop.MSUtil.dll
Resource
win7-20230220-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral4
Sample
Suscribete a KuasaR/Unpark CPU/Interop.MSUtil.dll
Resource
win10v2004-20230221-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral5
Sample
Suscribete a KuasaR/Unpark CPU/LogParser.dll
Resource
win7-20230220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
Suscribete a KuasaR/Unpark CPU/LogParser.dll
Resource
win10v2004-20230220-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral7
Sample
Suscribete a KuasaR/Unpark CPU/UnparkCPU.exe
Resource
win7-20230220-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral8
Sample
Suscribete a KuasaR/Unpark CPU/UnparkCPU.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral9
Sample
Suscribete a KuasaR/Unpark CPU/UnparkCPU.vshost.exe
Resource
win7-20230220-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral10
Sample
Suscribete a KuasaR/Unpark CPU/UnparkCPU.vshost.exe
Resource
win10v2004-20230220-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral11
Sample
Suscribete a KuasaR/Unpark CPU/UnparkCPU.vshost.exe.manifest
Resource
win7-20230220-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral12
Sample
Suscribete a KuasaR/Unpark CPU/UnparkCPU.vshost.exe.manifest
Resource
win10v2004-20230221-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
Suscribete a KuasaR/Unpark CPU/LogParser.dll
-
Size
1.2MB
-
MD5
19a0224e0d175ba8c2a55c17d8019a4c
-
SHA1
025775ba74ebea2262d72335a3146817793f1acb
-
SHA256
75fd4411d31d91c5b53f1554d585f892db303e743b82ee6c9f6007757130b105
-
SHA512
3f0fb98c4c33c75f8411d271efac6eb2fdcd26d473eb46686c0cf41b4546bfabe278c254554559cf9bc4496cd04893bacbc10ee680169d1e96b215138435da72
-
SSDEEP
24576:3vPuRuXVp3FHPl5MpvofEHlrid0l9hhhVW:P3FHPl5MVHFid0l9hhhVW
Score
1/10
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3ED0372B-4117-4CA3-A638-EF9BF3720248} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.SYSLOGOutputFormat\CLSID\ = "{342148B3-7F11-4F39-A287-6829F83FABDA}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8819BA1E-1931-4CCF-9F71-64547651AA54}\ = "ICOMTSVOutputContext" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.IISIISInputFormat\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.IISW3CInputFormat.1 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9A6E2BE0-96E4-4985-87AF-BDC668EA15A5}\VersionIndependentProgID\ = "MSUtil.LogQuery.URLScanLogInputFormat" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.ETWInputFormat\ = "LogQuery.ETWInputFormat" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.RegistryInputFormat\CLSID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.TemplateOutputFormat regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{2547428D-535E-4467-9C0C-77511E47BE0D} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B0936B89-8035-42CE-A33C-9E2E22DEADD2}\ = "ICOMSYSLOGOutputContext" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8235D6A5-AAFD-4D39-BFE8-EF1641AB9257}\ = "LogQuery.TemplateOutputFormat" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{CB6A017F-69ED-48D2-8ED7-42B1BCB80844}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3837E95F-07DB-4D09-99CD-586B4E094208}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{72B09A81-FB17-4187-B5F8-AD7E9592548E}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{88937009-2404-483D-B6A7-49AA184426B9}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{29467682-1CFC-46EA-B64D-EB31A56B321D}\ProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{AF3F77B5-028D-4DE3-BDE7-8D84C30573C0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{80206B7F-6424-41FA-984C-7DBD92CE0C48}\TypeLib\ = "{A7E75D86-41CD-4B6E-B4BD-CC2ED34B3FB0}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{84C54BEB-D3C1-4E89-A868-F6F40B184D68}\ = "ICOMTSVInputContext" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{9F3A6096-C1A3-428D-BE12-EEA7CDB3627F}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8819BA1E-1931-4CCF-9F71-64547651AA54}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8819BA1E-1931-4CCF-9F71-64547651AA54} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.IISIISInputFormat.1\ = "LogQuery.IISIISInputFormat" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.TextWordInputFormat\CLSID\ = "{0A402C88-0CEB-42C6-A15B-32AA45052706}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C0B28DCB-F1D8-48A3-B4F4-FC28BEBA5EBA}\TypeLib\ = "{A7E75D86-41CD-4B6E-B4BD-CC2ED34B3FB0}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CB6A017F-69ED-48D2-8ED7-42B1BCB80844}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.ChartOutputFormat\CurVer\ = "MSUtil.LogQuery.ChartOutputFormat.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ADE25553-5361-44BA-9270-31B08B4A8D6F} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2C4C2DB5-61C5-4D45-A66F-2071EC069328}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0A402C88-0CEB-42C6-A15B-32AA45052706}\AppID = "{3040E2D1-C692-4081-91BB-75F08FEE0EF6}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C17BDE3A-CDBD-45E0-9BCF-FD286A344EE8}\VersionIndependentProgID\ = "MSUtil.LogQuery.RegistryInputFormat" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0B28DCB-F1D8-48A3-B4F4-FC28BEBA5EBA}\ = "ICOMIISNCSAInputContext" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5BFDB31-5D80-4496-AF9C-79549E2F7BEC}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C0D19115-1C4F-4A49-A02C-60BF913BEFF9}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2455538-58A0-45FF-B16C-5F5DBA8D811C}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A7E75D86-41CD-4B6E-B4BD-CC2ED34B3FB0}\1.0\0\win32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F0FF3746-6CA6-4AB6-AE64-79A26FA82950} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.IISIISMSIDInputFormat\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0776E95A-34E3-4488-886E-094BA16BB6BD}\VersionIndependentProgID\ = "MSUtil.LogQuery.XMLInputFormat" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55FCA9B8-56BB-479C-92C7-388011A6E45B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5481A119-1977-4190-B585-C62373A6A024}\TypeLib\ = "{A7E75D86-41CD-4B6E-B4BD-CC2ED34B3FB0}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.IISODBCInputFormat\ = "LogQuery.IISODBCInputFormat" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.ETWInputFormat.1\ = "LogQuery.ETWInputFormat" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.SYSLOGOutputFormat.1\CLSID\ = "{342148B3-7F11-4F39-A287-6829F83FABDA}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{38E8C317-D7A1-49EE-8437-8DFE91462B1E}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{55FCA9B8-56BB-479C-92C7-388011A6E45B}\ = "ICOMIISIISMSIDInputContext" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B53E5AF6-3D61-42B1-8F65-4F4F7368EC59}\ = "ICOMETWInputContext" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4A1AAA95-FD08-449B-BD16-E87083D8F087}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB760AB-4ACA-4070-99D5-194D9272B47D} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F2455538-58A0-45FF-B16C-5F5DBA8D811C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Suscribete a KuasaR\\Unpark CPU\\LogParser.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC691F49-FD32-4E17-8C5F-F7C31F46FDF5}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{ADE25553-5361-44BA-9270-31B08B4A8D6F}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2690326C-0A98-41A0-A53A-BE0D58F0E936}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{80C997CD-A676-4028-8860-BB5F2F8278F6}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery.IISIISInputFormat.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B942793-EEB0-41B8-BF12-4CD3EDDC9205}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Suscribete a KuasaR\\Unpark CPU\\LogParser.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{38E8C317-D7A1-49EE-8437-8DFE91462B1E}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{80206B7F-6424-41FA-984C-7DBD92CE0C48} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2690326C-0A98-41A0-A53A-BE0D58F0E936}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9BE3E5B2-BBC3-40BB-AAFE-C94DDA631D32}\VersionIndependentProgID\ = "MSUtil.LogQuery.EventLogInputFormat" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{CC00A85E-22A3-4E73-8FA8-088EE78B1DC5}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\MSUtil.LogQuery\CurVer\ = "MSUtil.LogQuery.1" regsvr32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1544 wrote to memory of 1568 1544 regsvr32.exe 28 PID 1544 wrote to memory of 1568 1544 regsvr32.exe 28 PID 1544 wrote to memory of 1568 1544 regsvr32.exe 28 PID 1544 wrote to memory of 1568 1544 regsvr32.exe 28 PID 1544 wrote to memory of 1568 1544 regsvr32.exe 28 PID 1544 wrote to memory of 1568 1544 regsvr32.exe 28 PID 1544 wrote to memory of 1568 1544 regsvr32.exe 28
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s "C:\Users\Admin\AppData\Local\Temp\Suscribete a KuasaR\Unpark CPU\LogParser.dll"1⤵
- Suspicious use of WriteProcessMemory
PID:1544 -
C:\Windows\SysWOW64\regsvr32.exe/s "C:\Users\Admin\AppData\Local\Temp\Suscribete a KuasaR\Unpark CPU\LogParser.dll"2⤵
- Modifies registry class
PID:1568
-