Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

c011a30120...03.dll

windows7-x64

7

c011a30120...03.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/03/2024, 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c011a30120b4e0cb28fb22537a912703.dll

  • Size

    32KB

  • MD5

    c011a30120b4e0cb28fb22537a912703

  • SHA1

    59468ec09787ff3ef8e04d390b786e90ea0be8d9

  • SHA256

    9961869f01394fde9dbd52c89f1f4fc6bdf84f5516b0e21798b5b9f3835d07ea

  • SHA512

    67166510d218ef1453b510d3e3c17cf7f0d5b084ecf0b399fd448aa7684d0b4994dc6c1809bcad1f7babd2302032ec10112a4ead2562fbc909f97ecf66371be1

  • SSDEEP

    384:cKHyno+kEoNdDytwHUgy4uytzjL/8p2Ym:ccAxVoNdyuUg3tzf8pY

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 10 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c011a30120b4e0cb28fb22537a912703.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3732
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\c011a30120b4e0cb28fb22537a912703.dll
      2⤵
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Windows\SysWOW64\L70000008.exe
        "C:\Windows\System32\L70000008.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:680
        • C:\Users\Admin\AppData\Local\Temp\sfx3042.tmp
          P
          4⤵
          • Executes dropped EXE
          PID:2428
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:3760

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\sfx3042.tmp
      Filesize

      6KB

      MD5

      1d4d0eb07ab71126e10c3d6f1d0a1fa0

      SHA1

      9f110179e4878e352fe837e050b9e883c83ff8e7

      SHA256

      17a9a978fdb0234abd67a00edb0cabe0df79cc7f33727cbe94cfc4defa89d877

      SHA512

      d76b6fcd437ae10847e034f8815b7fd1f0f0d48166398ddf1e1b373c708be3914bc9e0b603d6eaabc6375b63b809e976d22c29886a1f032e20277ebdf6beee43

      Download Submit

    • C:\Windows\SysWOW64\L70000008.exe
      Filesize

      11KB

      MD5

      aec1935b5e6847b942284e380d23a3c9

      SHA1

      9b286d6da4ebdc0c9129cdf1144694824b340d70

      SHA256

      b60b0865a051430ceeb51b19bae00cd48675b5db83df55cd64939e5a115420e6

      SHA512

      b454649cac2eaabb56b4300b95f7fa4745043a83b6daedea2383bc0c01bfb722e79742a9cc46c75202c450f936bbc9a579f31200c230fe35cec43c33a3150c87

      Download Submit