Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

29718855a5...18.exe

windows7-x64

7

29718855a5...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Dll/Regdll.exe

windows7-x64

1

Dll/Regdll.exe

windows10-2004-x64

1

Dll/unRegdll.exe

windows7-x64

1

Dll/unRegdll.exe

windows10-2004-x64

1

Dll/web2pic_url.dll

windows7-x64

1

Dll/web2pic_url.dll

windows10-2004-x64

1

Help.chm

windows7-x64

1

Help.chm

windows10-2004-x64

1

Web2Pic_Pro.exe

windows7-x64

4

Web2Pic_Pro.exe

windows10-2004-x64

4

example.bat

windows7-x64

4

example.bat

windows10-2004-x64

4

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    92s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/07/2024, 22:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Dll/unRegdll.exe

  • Size

    87KB

  • MD5

    593589d580fed08c05253db1f5ccee77

  • SHA1

    1026e7b28b42fac7bac8fa8311130980ceda4bb7

  • SHA256

    484f0d5ea58ff60f17bdc1a410154dd7696dab4e18026bac0165c06cf3069b5f

  • SHA512

    fccb7f6ccc02cefdfece7fd1c41da762b19d6faa4d8179667e3c82d295d5ddc5934b9f32bc7d9cd0574f7b1d2e7de27fc411e0802b6d76c450cd1c962f17259a

  • SSDEEP

    1536:PiUqXwQFxHosXSo2kAiVqWlJHouEByucdEDELc0mMTdKx96YubYMXzbM9:PIwkx9ikA+qI9ouEByucdEDELc0mSdsZ

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Dll\unRegdll.exe
    "C:\Users\Admin\AppData\Local\Temp\Dll\unRegdll.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s /u "C:\Users\Admin\AppData\Local\Temp\Dll\web2pic_url.dll"
      2⤵
        PID:4852

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2256-0-0x0000000000400000-0x000000000041C000-memory.dmp

      Filesize

      112KB

      Download