Analysis
max time kernel: 152s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/02/2024, 14:10
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: 317631.dll
  Resource: win7-20231215-en
  1 signature, 150 seconds
Behavioral task: behavioral2
  Sample: 317631.dll
  Resource: win10v2004-20231215-en
  5 signatures, 150 seconds
General
Target: 317631.dll
Size: 476KB
MD5: f32839de7b3209090778a9a4c5e14cce
SHA1: ca33599617a5de46cb3e726d66eee9d48e5a78af
SHA256: aab9e3d3f923f7c17694df3bd395aea1112f87e63580c1762579c43056d3b2da
SHA512: 0aff888a6433bbae83bf2f7694158d25ceb6e3c7083b447cfb9241e529df0971d70598eb5005e048f605237def92f1a89c6172095272fd13b5add85cdab20015
SSDEEP: 12288:v+P9B4JFF6iIJoLjIE0LO5Q23eankS0HsQBw:vHJaKE5L4US0HJw
Score: 5/10
Malware Config
Signatures
Suspicious use of SetThreadContext (1 IoC)
  description                          pid   Process       procid_target
  PID 1436 set thread context of 4044  1436  regsvr32.exe  85

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  1436  regsvr32.exe  (same entry repeated 64 times)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  1436  regsvr32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (1 IoC)
  pid   Process
  1436  regsvr32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
  description                         pid   Process       procid_target
  PID 4148 wrote to memory of 1436    4148  regsvr32.exe  84   (3 entries)
  PID 1436 wrote to memory of 4044    1436  regsvr32.exe  85   (8 entries)
Processes
1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\317631.dll
   PID: 4148
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: /s C:\Users\Admin\AppData\Local\Temp\317631.dll
      PID: 1436
      - Suspicious use of SetThreadContext
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\ctfmon.exe
         Command line: "C:\Windows\SysWOW64\ctfmon.exe -p 1234"
         PID: 4044