Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

743ac40c6b...18.exe

windows7-x64

7

743ac40c6b...18.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

EngineApiWrapper.dll

windows7-x64

1

EngineApiWrapper.dll

windows10-2004-x64

1

Filters/LC.dll

windows7-x64

1

Filters/LC.dll

windows10-2004-x64

1

Filters/License.rtf

windows7-x64

4

Filters/License.rtf

windows10-2004-x64

1

Filters/Re...or.exe

windows7-x64

1

Filters/Re...or.exe

windows10-2004-x64

1

Filters/elaudec.dll

windows7-x64

1

Filters/elaudec.dll

windows10-2004-x64

1

Filters/em2vd.dll

windows7-x64

1

Filters/em2vd.dll

windows10-2004-x64

1

Filters/empgpdmx.dll

windows7-x64

1

Filters/empgpdmx.dll

windows10-2004-x64

1

Filters/register.cmd

windows7-x64

1

Filters/register.cmd

windows10-2004-x64

1

Filters/thsource.dll

windows7-x64

1

Filters/thsource.dll

windows10-2004-x64

1

Filters/un...er.cmd

windows7-x64

1

Filters/un...er.cmd

windows10-2004-x64

1

IPDev.Skin...gn.dll

windows7-x64

1

IPDev.Skin...gn.dll

windows10-2004-x64

1

IPDev.Skins.dll

windows7-x64

1

IPDev.Skins.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    26/05/2024, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Filters/unregister.cmd

  • Size

    98B

  • MD5

    db1bd76ff52fe427a03204673a307b12

  • SHA1

    72232d601dbeee8e448af0cc41d2d517aa56296d

  • SHA256

    6c3cefca10c5e5676a6ef14e8ca472f8f0a11c3ded7391b14acb24bf3d7b727c

  • SHA512

    1bd2065ac82f7d858eded6ef3348d9d3cd5f5dfb2772d351b77f737a2378eaa7d7e05d6008a36a852647446fc60c9a388fa51e7a8f401c6c43fc287d70f10a24

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 4 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Filters\unregister.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Windows\system32\regsvr32.exe
      regsvr32 /u /s LC.dll
      2⤵
      • Suspicious behavior: CmdExeWriteProcessMemorySpam
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Windows\SysWOW64\regsvr32.exe
        /u /s LC.dll
        3⤵
          PID:2980
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /u /s em2vd.ax
        2⤵
        • Suspicious behavior: CmdExeWriteProcessMemorySpam
        • Suspicious use of WriteProcessMemory
        PID:3068
        • C:\Windows\SysWOW64\regsvr32.exe
          /u /s em2vd.ax
          3⤵
            PID:1984
        • C:\Windows\system32\regsvr32.exe
          regsvr32 /u /s el2ad.ax
          2⤵
          • Suspicious behavior: CmdExeWriteProcessMemorySpam
          PID:2616
        • C:\Windows\system32\regsvr32.exe
          regsvr32 /u /s elaudec.ax
          2⤵
          • Suspicious behavior: CmdExeWriteProcessMemorySpam
          • Suspicious use of WriteProcessMemory
          PID:2884
          • C:\Windows\SysWOW64\regsvr32.exe
            /u /s elaudec.ax
            3⤵
              PID:2136

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads