Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
3Static
static
3WC_CRACKA ...32.dll
windows7-x64
1WC_CRACKA ...32.dll
windows10-2004-x64
1WC_CRACKA ...V3.dll
windows7-x64
1WC_CRACKA ...V3.dll
windows10-2004-x64
1WC_CRACKA ...02.exe
windows7-x64
1WC_CRACKA ...02.exe
windows10-2004-x64
1WC_CRACKA ...PT.dll
windows7-x64
3WC_CRACKA ...PT.dll
windows10-2004-x64
3WC_CRACKA ...m-.url
windows7-x64
1WC_CRACKA ...m-.url
windows10-2004-x64
1Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
15/05/2024, 23:07 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
WC_CRACKA v0.02/COMDLG32.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
WC_CRACKA v0.02/COMDLG32.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
WC_CRACKA v0.02/QSOCKSV3.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
WC_CRACKA v0.02/QSOCKSV3.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
WC_CRACKA v0.02/WC_CRACKAV002.exe
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral6
Sample
WC_CRACKA v0.02/WC_CRACKAV002.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
WC_CRACKA v0.02/YMSG12ENCRYPT.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
WC_CRACKA v0.02/YMSG12ENCRYPT.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral9
Sample
WC_CRACKA v0.02/http--www.blackwidow-softbytes.com-.url
Resource
win7-20240215-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
WC_CRACKA v0.02/http--www.blackwidow-softbytes.com-.url
Resource
win10v2004-20240426-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
WC_CRACKA v0.02/QSOCKSV3.dll
-
Size
44KB
-
MD5
d21093b37d7642806f1e0eb2327f7494
-
SHA1
90901dbc19d59953cc366fb7c561b49325033588
-
SHA256
e38945b307967da9f2654d460cc96728390ff5134ff0a1f035e479559dbff063
-
SHA512
46d8aa06bd8082e7e186a79a6b8372dbbdc14193375bba60ce2ee290f10efb4ae669dbc7af4d64c1b2e3f60834a0990a9333bfa2e85c5c4b3ebf9058f93f4562
-
SSDEEP
768:aac3vyAojN8j/IMIlICg4f+r/5yRTa8Ctw:aacZCgq0ku8Ew
Score
1/10
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE}\3.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WC_CRACKA v0.02" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\TypeLib\ = "{34C87E90-90C9-41E4-99E8-78D4196B7EDE}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\ToolboxBitmap32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\WC_CRACKA v0.02\\QSOCKSV3.dll, 30000" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\Implemented Categories regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\Control\ regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\MiscStatus\1 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Q_Socks.QSocks regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Q_Socks.QSocks\Clsid\ = "{A5ADDE26-91AE-4770-93B8-D2173C905F3F}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\ProxyStubClsid regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\TypeLib\Version = "3.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\ = "_QSocks" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\TypeLib\Version = "3.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\InprocServer32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\Control regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\ = "QSocks" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\ProxyStubClsid regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\Implemented Categories\{0DE86A53-2BAA-11CF-A229-00AA003D7352} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE}\3.0\FLAGS\ = "2" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE}\3.0\0\win32 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\ = "__QSocks" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\TypeLib\ = "{34C87E90-90C9-41E4-99E8-78D4196B7EDE}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Q_Socks.QSocks\ = "Q_Socks.QSocks" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\TypeLib\ = "{34C87E90-90C9-41E4-99E8-78D4196B7EDE}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\TypeLib\Version = "3.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE}\3.0\HELPDIR regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\MiscStatus regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\TypeLib\ = "{34C87E90-90C9-41E4-99E8-78D4196B7EDE}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Q_Socks.QSocks\Clsid regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE}\3.0\FLAGS regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\TypeLib\ = "{34C87E90-90C9-41E4-99E8-78D4196B7EDE}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\ = "Q_Socks.QSocks" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\VERSION regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\ProxyStubClsid\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\TypeLib\Version = "3.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\ProgID\ = "Q_Socks.QSocks" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\MiscStatus\1\ = "132497" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE}\3.0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE}\3.0\ = "Q_Socks" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD8F5894-5B9C-46EB-BDE8-89E22C71AD56}\ = "_QSocks" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\ProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A5ADDE26-91AE-4770-93B8-D2173C905F3F}\MiscStatus\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TYPELIB\{34C87E90-90C9-41E4-99E8-78D4196B7EDE}\3.0\0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\ = "__QSocks" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BD3F9E85-E6F2-4AAC-821B-64BB59A160A1}\ = "QSocks" regsvr32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1736 wrote to memory of 2720 1736 regsvr32.exe 28 PID 1736 wrote to memory of 2720 1736 regsvr32.exe 28 PID 1736 wrote to memory of 2720 1736 regsvr32.exe 28 PID 1736 wrote to memory of 2720 1736 regsvr32.exe 28 PID 1736 wrote to memory of 2720 1736 regsvr32.exe 28 PID 1736 wrote to memory of 2720 1736 regsvr32.exe 28 PID 1736 wrote to memory of 2720 1736 regsvr32.exe 28