Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
3SnagIt 8/2...D8.dll
windows7-x64
1SnagIt 8/2...D8.dll
windows10-2004-x64
SnagIt 8/A...er.dll
windows7-x64
1SnagIt 8/A...er.dll
windows10-2004-x64
1SnagIt 8/D...64.dll
windows7-x64
7SnagIt 8/D...64.dll
windows10-2004-x64
7SnagIt 8/D...64.dll
windows7-x64
7SnagIt 8/D...64.dll
windows10-2004-x64
7SnagIt 8/D...64.dll
windows7-x64
1SnagIt 8/D...64.dll
windows10-2004-x64
1SnagIt 8/D...64.dll
windows7-x64
7SnagIt 8/D...64.dll
windows10-2004-x64
7SnagIt 8/D...80.dll
windows7-x64
1SnagIt 8/D...80.dll
windows10-2004-x64
1SnagIt 8/D...80.dll
windows7-x64
1SnagIt 8/D...80.dll
windows10-2004-x64
1SnagIt 8/LFCMP12n.dll
windows7-x64
1SnagIt 8/LFCMP12n.dll
windows10-2004-x64
1SnagIt 8/LTDIS12n.dll
windows7-x64
1SnagIt 8/LTDIS12n.dll
windows10-2004-x64
1SnagIt 8/LTSCR12n.dll
windows7-x64
1SnagIt 8/LTSCR12n.dll
windows10-2004-x64
1SnagIt 8/Lfpct12n.dll
windows7-x64
1SnagIt 8/Lfpct12n.dll
windows10-2004-x64
1SnagIt 8/Lfpng12n.dll
windows7-x64
1SnagIt 8/Lfpng12n.dll
windows10-2004-x64
1SnagIt 8/Lfwmf12n.dll
windows7-x64
1SnagIt 8/Lfwmf12n.dll
windows10-2004-x64
1SnagIt 8/MFC80CHS.dll
windows7-x64
1SnagIt 8/MFC80CHS.dll
windows10-2004-x64
1SnagIt 8/MFC80CHT.dll
windows7-x64
1SnagIt 8/MFC80CHT.dll
windows10-2004-x64
1Analysis
-
max time kernel
119s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
08/03/2024, 05:17
Static task
static1
Behavioral task
behavioral1
Sample
SnagIt 8/2KXP/SNAGITD8.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
SnagIt 8/2KXP/SNAGITD8.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
SnagIt 8/AccessoryInstaller.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
SnagIt 8/AccessoryInstaller.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
SnagIt 8/DLLx64/SnagItBHO64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
SnagIt 8/DLLx64/SnagItBHO64.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
SnagIt 8/DLLx64/SnagItIEAddin64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
SnagIt 8/DLLx64/SnagItIEAddin64.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
SnagIt 8/DLLx64/SnagItIEAddinRes64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
SnagIt 8/DLLx64/SnagItIEAddinRes64.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
SnagIt 8/DLLx64/SnagItShellExt64.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
SnagIt 8/DLLx64/SnagItShellExt64.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
SnagIt 8/DLLx64/msvcp80.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
SnagIt 8/DLLx64/msvcp80.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
SnagIt 8/DLLx64/msvcr80.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral16
Sample
SnagIt 8/DLLx64/msvcr80.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
SnagIt 8/LFCMP12n.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
SnagIt 8/LFCMP12n.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
SnagIt 8/LTDIS12n.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
SnagIt 8/LTDIS12n.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
SnagIt 8/LTSCR12n.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
SnagIt 8/LTSCR12n.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
SnagIt 8/Lfpct12n.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
SnagIt 8/Lfpct12n.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
SnagIt 8/Lfpng12n.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral26
Sample
SnagIt 8/Lfpng12n.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
SnagIt 8/Lfwmf12n.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
SnagIt 8/Lfwmf12n.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
SnagIt 8/MFC80CHS.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
SnagIt 8/MFC80CHS.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
SnagIt 8/MFC80CHT.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
SnagIt 8/MFC80CHT.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
SnagIt 8/DLLx64/SnagItIEAddin64.dll
-
Size
204KB
-
MD5
766954ee1b145458611924f97b9d3094
-
SHA1
85619e6b768b3cc2e80ea388a8d41ef2f2b37fe9
-
SHA256
77b954721de1dc5fdb508fdd98df0ed0563e4e72624dc581878762c6adf1311d
-
SHA512
de5eeb32aac8f684828371d3b5fc17620dcfb063d2dd4fb5bf69cc2efcd731134128b215289e4988eef699740a212d3a08adc771b48e307dc3ca13a1d3082c40
-
SSDEEP
3072:iKZ+HQDvmK1h3xa1YT/EXo8u6MU/BG2M60ui3AopJvAp1J31ZBXXCvJBA50jUO5F:iWvY/B3SUp111ZBXSj7UO5/hGB+
Malware Config
Signatures
-
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\SnagIt 8\\DLLx64\\SnagItIEAddin64.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe -
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86300DD7-B136-40d9-823C-22EBD55D7858}\AppName regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86300DD7-B136-40d9-823C-22EBD55D7858}\AppPath regsvr32.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86300DD7-B136-40d9-823C-22EBD55D7858}\Policy = "3" regsvr32.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Toolbar regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} regsvr32.exe Key created \REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86300DD7-B136-40d9-823C-22EBD55D7858} regsvr32.exe -
Modifies registry class 19 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0\0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\ = "SnagIt" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0\ = "IEAddin 1.0 Type Library" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\SnagIt 8\\DLLx64\\SnagItIEAddin64.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\SnagItIEAddin.DLL regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\SnagItIEAddin.DLL\AppID = "{9D752205-8198-4F60-A0F5-6C7DEA7F2282}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9D752205-8198-4F60-A0F5-6C7DEA7F2282} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{9D752205-8198-4F60-A0F5-6C7DEA7F2282}\ = "IEAddin" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0\0\win64 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0\0\win64\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\SnagIt 8\\DLLx64\\SnagItIEAddin64.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0\HELPDIR regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\SnagIt 8\\DLLx64\\" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{6E1F29D1-BF21-425B-A313-940C87CC3E8C}\1.0\FLAGS regsvr32.exe