Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

dbghelp.dll

windows7-x64

10

dbghelp.dll

windows10-2004-x64

10

Resubmissions

06/04/2023, 23:03

230406-21qthafe84 10

13/03/2023, 11:50

230313-nzsd2scc6y 1

13/04/2022, 02:53

220413-ddal1adhf9 1

Analysis

  • max time kernel
    27s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    06/04/2023, 23:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dbghelp.dll

  • Size

    242.9MB

  • MD5

    31b00fe35cd795058e11e1bc2d8de272

  • SHA1

    e25ebd7ea19dfc1948ac5e50e6166aa73bda5dca

  • SHA256

    b253368444aba74db84589b6af2a5a0971a11c4129b220203870a4f5a82cd6fd

  • SHA512

    ed213e2f0e8e40f2d828c9458fe6b50b4c44ecc0487bc924244b6957115e83737286ff7d082ab89ac11279f4075076b9f65d5d1841a07c0bcae337dd6310f443

  • SSDEEP

    49152:BSjIuHVecUiBfG/aQimk8eGtsLwBnaUSLjV+Xa1TkT:B8HVecUitCk8ZtFqLjx

Score
10/10
grandoreirobankertrojan

Malware Config

Signatures

  • Detects Grandoreiro payload 1 IoCs
  • Grandoreiro

    Part of a group of banking trojans, targeting Spanish and Portuguese speaking countries.

    trojanbankergrandoreiro
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dbghelp.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\dbghelp.dll
      2⤵
        PID:912

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/912-54-0x00000000023A0000-0x00000000033A0000-memory.dmp

      Filesize

      16.0MB

      Download