Analysis
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
06/04/2024, 15:00
Static task
static1
Behavioral task
behavioral1
Sample
12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll
Resource
win10v2004-20240226-en
General
Target
12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll
Size
4.0MB
MD5
cd943dd59e6a6e21c843359c1c978665
SHA1
3ae07a6d18ab308534742f4213192867bfca2f5d
SHA256
12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387
SHA512
18e6a012a81d2972a5b745db20e27779658d4a619b12dc75ea1ebf13cd33a8562b50a9475312b15b9346225bb07121aced2e9280fb4c95603f515267d769905d
SSDEEP
49152:lSOz1DGVZoCfa1EKaK2urWPELcLH++3JBF93ZglJJ2IC0Bciuq+GBr/yVf0rE:JJMKaHLLSx2IBciuLFKE
Malware Config
Signatures
Registers COM server for autorun — 1 TTPs, 6 IoCs
description ioc Process
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32 regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32 regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe -
Modifies registry class — 55 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Programmable regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\Version\ = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0\win32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ = "IMy64Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Version regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\Version\ = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0 
regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\VersionIndependentProgID\ = "My64Class.math" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\ = "CompReg Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ProgID\ = "My64Class.math.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\ = "My64Class Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\CLSID\ = "{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ = "IMy64Class" regsvr32.exe Set value (str) 
\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\Version regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\CurVer\ = "My64Class.math.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\12e5bcf0cc9456b2b199a492a2b9190f111dcadf3c806dd336925ee445217387.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\VersionIndependentProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math\ = "My64Class Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\ = 
"My64Class Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E9B3E2F6-FA61-444B-85EB-09576C84D299}\TypeLib\ = "{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\My64Class.math.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\ = "my64Lib" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{5C42FC68-76B3-4FFC-BE31-D8A9F90D3E66}\1.0\HELPDIR regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{779E5EBB-4922-417A-905D-207CE4784BA3}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6679E95A-EE06-4571-BFA2-6F3DFF46DD5D}\TypeLib regsvr32.exe