Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

743ac40c6b...18.exe

windows7-x64

7

743ac40c6b...18.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows7-x64

3

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

EngineApiWrapper.dll

windows7-x64

1

EngineApiWrapper.dll

windows10-2004-x64

1

Filters/LC.dll

windows7-x64

1

Filters/LC.dll

windows10-2004-x64

1

Filters/License.rtf

windows7-x64

4

Filters/License.rtf

windows10-2004-x64

1

Filters/Re...or.exe

windows7-x64

1

Filters/Re...or.exe

windows10-2004-x64

1

Filters/elaudec.dll

windows7-x64

1

Filters/elaudec.dll

windows10-2004-x64

1

Filters/em2vd.dll

windows7-x64

1

Filters/em2vd.dll

windows10-2004-x64

1

Filters/empgpdmx.dll

windows7-x64

1

Filters/empgpdmx.dll

windows10-2004-x64

1

Filters/register.cmd

windows7-x64

1

Filters/register.cmd

windows10-2004-x64

1

Filters/thsource.dll

windows7-x64

1

Filters/thsource.dll

windows10-2004-x64

1

Filters/un...er.cmd

windows7-x64

1

Filters/un...er.cmd

windows10-2004-x64

1

IPDev.Skin...gn.dll

windows7-x64

1

IPDev.Skin...gn.dll

windows10-2004-x64

1

IPDev.Skins.dll

windows7-x64

1

IPDev.Skins.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/05/2024, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Filters/unregister.cmd

  • Size

    98B

  • MD5

    db1bd76ff52fe427a03204673a307b12

  • SHA1

    72232d601dbeee8e448af0cc41d2d517aa56296d

  • SHA256

    6c3cefca10c5e5676a6ef14e8ca472f8f0a11c3ded7391b14acb24bf3d7b727c

  • SHA512

    1bd2065ac82f7d858eded6ef3348d9d3cd5f5dfb2772d351b77f737a2378eaa7d7e05d6008a36a852647446fc60c9a388fa51e7a8f401c6c43fc287d70f10a24

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Filters\unregister.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Windows\system32\regsvr32.exe
      regsvr32 /u /s LC.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:936
      • C:\Windows\SysWOW64\regsvr32.exe
        /u /s LC.dll
        3⤵
          PID:436
      • C:\Windows\system32\regsvr32.exe
        regsvr32 /u /s em2vd.ax
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1184
        • C:\Windows\SysWOW64\regsvr32.exe
          /u /s em2vd.ax
          3⤵
            PID:4124
        • C:\Windows\system32\regsvr32.exe
          regsvr32 /u /s el2ad.ax
          2⤵
            PID:3240
          • C:\Windows\system32\regsvr32.exe
            regsvr32 /u /s elaudec.ax
            2⤵
            • Suspicious use of WriteProcessMemory
            PID:776
            • C:\Windows\SysWOW64\regsvr32.exe
              /u /s elaudec.ax
              3⤵
                PID:4980

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads