Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

075ba514c0...af.dll

windows7-x64

8

075ba514c0...af.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 17:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    075ba514c099aed56c628093345c77af.dll

  • Size

    248KB

  • MD5

    075ba514c099aed56c628093345c77af

  • SHA1

    de127b7734a9f6355611950b3332d3021d079970

  • SHA256

    7aa87475dfcfb5c9c8bab0d797c54f6ea53198fe91e1a97b74d5e10e097dfdd9

  • SHA512

    fcf14a0f3d1531aa5e27da655fb108727a9296c017e89677187c3a4bf9049687346c6f8e93bc658b6d7233478a3e6212cdaad45871673a248fe24e3f5ce15505

  • SSDEEP

    6144:NR3Hk20K+Os0UxJ38hU63Nqr21dHwhCuM:LXke+Os0vQ61dHwhH

Score
8/10
adwarepersistencestealer

Malware Config

Signatures

  • Sets file execution options in registry 2 TTPs 2 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 41 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\075ba514c099aed56c628093345c77af.dll
    1⤵
    • Sets file execution options in registry
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies registry class
    PID:1820
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\075ba514c099aed56c628093345c77af.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2092

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads