Analysis

  • max time kernel
    141s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/01/2024, 11:25

General

  • Target

    65417f33744c19cbc270bdb114d0ab9f.dll

  • Size

    136KB

  • MD5

    65417f33744c19cbc270bdb114d0ab9f

  • SHA1

    2d77a79f1ac8da11ad3073bbb11aae8ff2e18c58

  • SHA256

    715486b38cf3e183371b2cda889f222aaf3e65cd71f3c0bbb7b9a510e0df00a1

  • SHA512

    4930ef1b8b7fa9c2f37eddec4bcc6c444a685f18bc037abe013926deee151c8d292f72936357a333678354dec5723d651277bc06ff3acc82a51b20a6c57f1ca3

  • SSDEEP

    1536:MCiM6NhsJ7+EQArk2s1WPNRLaxUZ5piox5MtTHc7for5n/kCPTowYc87EnjPvO9U:ZxJXS2sx8/iQowAyCPTowiAvqU

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules that Internet Explorer loads as in-process plugins. They are COM servers registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (32-bit BHOs on 64-bit Windows land in the WOW6432Node view of that key), so a single regsvr32 run is enough to have the DLL loaded into every subsequent IE session.

  • Modifies registry class 31 IoCs

    COM class registration under HKEY_CLASSES_ROOT (CLSID and InprocServer32 keys) written by the DLL's DllRegisterServer export, which is exactly what regsvr32 /s invokes.

  • Suspicious use of WriteProcessMemory 3 IoCs

    Raised on the 64-bit regsvr32 (PID 5064), whose only child in the tree is the SysWOW64 regsvr32 (PID 4948) it launched to register the 32-bit DLL; no other target process appears in the trace.
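The two registry-side signatures above are what a responder would verify on the host: whether the DLL's CLSID ended up in the Browser Helper Objects key, and which file its InprocServer32 entry points at. The PowerShell below is an added example for this page, not tria.ge output or code from the sample; it enumerates both the native and WOW6432Node BHO keys, resolves each CLSID to its DLL, hashes the file, and flags any match against the SHA256 from the report (the registry paths are standard Windows locations; the hash constant is taken from this page).

```powershell
# Added example: enumerate registered Browser Helper Objects, resolve each CLSID
# to its in-process server DLL and compare the file hash with the sample above.
# The hash below is the SHA256 from this report; the key paths are the standard
# BHO and CLSID registrations on 64-bit Windows (native view and WOW6432Node view).

$knownBadSha256 = '715486B38CF3E183371B2CDA889F222AAF3E65CD71F3C0BBB7B9A510E0DF00A1'

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# A 32-bit BHO registered by the SysWOW64 regsvr32 gets its CLSID written under
# the WOW6432Node view of HKCR, so both views have to be searched.
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID'
)

function Get-RegisteredBho {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }

        foreach ($sub in Get-ChildItem -LiteralPath $key) {
            $clsid = $sub.PSChildName
            $dll   = $null

            foreach ($root in $clsidRoots) {
                $server = Join-Path $root "$clsid\InprocServer32"
                if (Test-Path -LiteralPath $server) {
                    # The default value of InprocServer32 is the DLL path,
                    # frequently REG_EXPAND_SZ, so expand it before use.
                    $raw = (Get-ItemProperty -LiteralPath $server).'(default)'
                    if ($raw) {
                        $dll = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
                    }
                    break
                }
            }

            $sha256 = $null
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $sha256 = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
            }

            [pscustomobject]@{
                BhoKey   = $key
                CLSID    = $clsid
                Dll      = $dll
                Sha256   = $sha256
                KnownBad = ($sha256 -eq $knownBadSha256)
                # Orphaned registrations (CLSID present, DLL missing) are worth
                # noting too: they show a BHO was installed and later deleted.
                Orphaned = [bool]($dll -and -not (Test-Path -LiteralPath $dll))
            }
        }
    }
}

Get-RegisteredBho | Format-Table -AutoSize
```

Run it from an elevated 64-bit PowerShell on the analysis VM after the regsvr32 step; a 32-bit session would see the WOW6432Node keys as the native view and miss the 64-bit registrations. Any row with KnownBad set is the sample's CLSID, and the same CLSID is what to remove (or pass to regsvr32 /u) to undo the persistence.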

Processes

  • C:\Windows\system32\regsvr32.exe (PID 5064)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\65417f33744c19cbc270bdb114d0ab9f.dll
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (PID 4948, child of 5064)
      /s C:\Users\Admin\AppData\Local\Temp\65417f33744c19cbc270bdb114d0ab9f.dll
      • Installs/modifies Browser Helper Object
      • Modifies registry class

Network

MITRE ATT&CK Enterprise v15
