Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
05/03/2024, 06:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0f5cfe35cc048d6f41b7503f62ac145b9ff1cd6106f4efe5f80d9d47c8fb820a.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
0f5cfe35cc048d6f41b7503f62ac145b9ff1cd6106f4efe5f80d9d47c8fb820a.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
0f5cfe35cc048d6f41b7503f62ac145b9ff1cd6106f4efe5f80d9d47c8fb820a.dll
-
Size
436KB
-
MD5
0cc9274e0a46923fe47eebe79ff35550
-
SHA1
35d3f2eec2d781235ab9a22d590fac61799ba838
-
SHA256
0f5cfe35cc048d6f41b7503f62ac145b9ff1cd6106f4efe5f80d9d47c8fb820a
-
SHA512
8ed6dc34decab4b680d8fb35d880d060dd94a910a9cc0eb42b5ec0959173621bcde1d856f992f7e9bf637bb2afdd54d4210e17e5821b251fca63d8886bdadbca
-
SSDEEP
3072:Rt97eUraWjxDEyR1BeWKVVTzPihVEjxLdJjo7gykKhTTexOZK8Rj9xuLLLLLLsL2:tdeWjvuW4OEqkoC9K7PMmzXUknlg3o8
Score
1/10
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\ = "Open" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3EEF9758-35FC-11D1-8CE4-00C04FC2B185}\1.0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B186}\ = "GlobalObj" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B186}\ProxyStubClsid regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B186}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B187}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACB0-160D-11D2-A8E9-00104B365C9F}\ProxyStubClsid regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3EEF9758-35FC-11D1-8CE4-00C04FC2B185}\1.0\0\win64 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3EEF9758-35FC-11D1-8CE4-00C04FC2B185}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\0f5cfe35cc048d6f41b7503f62ac145b9ff1cd6106f4efe5f80d9d47c8fb820a.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B187}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command\ = "\"C:\\Windows\\system32\\notepad.exe\" %1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2\Command regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACA2-160D-11D2-A8E9-00104B365C9F}\ProxyStubClsid regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBScript Author\ = "VB Script Language Authoring" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ = "VBScript Script File" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ScriptEngine\ = "VBScript" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2\Command\ = "\"C:\\Windows\\system32\\cscript.exe\" \"%1\" %*" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B186} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACA0-160D-11D2-A8E9-00104B365C9F} regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ScriptEngine regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ShellEx\PropertySheetHandlers regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBS\ = "VB Script Language" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B187}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open\Command regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B186}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B187}\ProxyStubClsid regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACB1-160D-11D2-A8E9-00104B365C9F}\ProxyStubClsid regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBScript\ = "VB Script Language" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ScriptHostEncode regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open\Command regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Print regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACA2-160D-11D2-A8E9-00104B365C9F} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACB2-160D-11D2-A8E9-00104B365C9F} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ScriptEngine regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit\Command regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B186}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACA1-160D-11D2-A8E9-00104B365C9F} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACB0-160D-11D2-A8E9-00104B365C9F} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBS Author\ = "VB Script Language Authoring" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2\Command regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ShellEx regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Print\Command\ = "\"C:\\Windows\\system32\\notepad.exe\" /p %1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3EEF9758-35FC-11D1-8CE4-00C04FC2B185} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B186}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B187}\TypeLib\ = "{3EEF9758-35FC-11D1-8CE4-00C04FC2B185}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3EEF9758-35FC-11D1-8CE4-00C04FC2B185}\1.0\ = "Microsoft VBScript Globals" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B187} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3EEF9758-35FC-11D1-8CE4-00C04FC2B187}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBScript.RegExp\ = "VBScript Regular Expression" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\VBScript.Encode\ = "VB Script Language Encoding" regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ShellEx\PropertySheetHandlers\WSHProps regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3EEF9758-35FC-11D1-8CE4-00C04FC2B185}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACB2-160D-11D2-A8E9-00104B365C9F}\ProxyStubClsid regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Edit regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\Shell\Open2 regsvr32.exe Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\VBSFile\ShellEx\DropHandler regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{3F4DACB3-160D-11D2-A8E9-00104B365C9F} regsvr32.exe
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\0f5cfe35cc048d6f41b7503f62ac145b9ff1cd6106f4efe5f80d9d47c8fb820a.dll1⤵
- Modifies registry class
PID:1000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4192 --field-trial-handle=2276,i,5697607538120380977,9987005253899555344,262144 --variations-seed-version /prefetch:81⤵PID:3616