Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 01:24

General

  • Target

    09fec51fad3273e022f8edfc45e57980.dll

  • Size

    422KB

  • MD5

    09fec51fad3273e022f8edfc45e57980

  • SHA1

    4b4b6c0755d9938baf385abbbbb94a0302e70fea

  • SHA256

    1e3fea244a7cddfb5e5c6e97cfa671e708f26e53f80b6dc879e9f80af7fdd385

  • SHA512

    e8925c6cc3d0cd06bfd7b178f1bf8b41153249763a079c9a5df69939d8c4a3b2f987c1577ff4f9453b32a62098d3605e6b484d883f05708e63be2a62ac40014a

  • SSDEEP

    6144:VEo0JkXmwglUcvBECgqpHNaXLhI966AGkAjOpoaY7QCQ8jHzhdR5jZUZZaBs4:VEoFWLKcvPBeq6xGJOpq80HtBNUZZW

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\09fec51fad3273e022f8edfc45e57980.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2296
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\09fec51fad3273e022f8edfc45e57980.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2248-0-0x0000000010000000-0x000000001009B000-memory.dmp

    Filesize

    620KB

  • memory/2248-1-0x0000000000A70000-0x0000000000ACA000-memory.dmp

    Filesize

    360KB

  • memory/2248-2-0x00000000030E0000-0x00000000030E2000-memory.dmp

    Filesize

    8KB