Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
06/04/2024, 15:02
Static task
static1
Behavioral task
behavioral1
Sample
4fc90290ee0c503c00448df7a3a84c1a88f07ba776dad08dfe43dd3e960d105c.dll
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
4fc90290ee0c503c00448df7a3a84c1a88f07ba776dad08dfe43dd3e960d105c.dll
Resource
win10v2004-20240226-en
General
-
Target
4fc90290ee0c503c00448df7a3a84c1a88f07ba776dad08dfe43dd3e960d105c.dll
-
Size
12.4MB
-
MD5
827eca9ec457f3c5180f602832f44955
-
SHA1
f2cf3e8e45aef14e1dae48f71dd4a1661bf7d6e8
-
SHA256
4fc90290ee0c503c00448df7a3a84c1a88f07ba776dad08dfe43dd3e960d105c
-
SHA512
76d02dfd8a4f88488b85a89914b704b72314798f546beaf4605f577b9202abbf9b64121f70b540eefa71554ebc109499f71f112bb3f318a02bda36b966e883e6
-
SSDEEP
393216:wAOrOodVuw/7L8mCV9MPiojSJ4hToqTLe:wAOrRd4Lme9tJ4hje
Malware Config
Signatures
-
Modifies system executable filetype association 2 TTPs 2 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\ = "UTShellExt" regsvr32.exe -
Registers COM server for autorun 1 TTPs 3 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4fc90290ee0c503c00448df7a3a84c1a88f07ba776dad08dfe43dd3e960d105c.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\InProcServer32 regsvr32.exe -
Modifies registry class 9 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Msi.Package\shellex\ContextMenuHandlers\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\ = "UTShellExt" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\InProcServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\InProcServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\4fc90290ee0c503c00448df7a3a84c1a88f07ba776dad08dfe43dd3e960d105c.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\ = "UTShellExt" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Msi.Package\shellex\ContextMenuHandlers\{FE8E6AD6-DABE-45E1-88C2-48DC4578924C}\ = "UTShellExt" regsvr32.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Change Default File Association
1