Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

df282d7ac8...0N.dll

windows7-x64

1

df282d7ac8...0N.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/07/2024, 13:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    df282d7ac86fd0852ff3fcef7cf85960N.dll

  • Size

    424KB

  • MD5

    df282d7ac86fd0852ff3fcef7cf85960

  • SHA1

    19c214c7cf647e6dcbb0c0ae51a7dc6be91da63a

  • SHA256

    936ef8203a489dd893be8806ff71aa9a87ff7b5b704da39f3f05b7748e4d7248

  • SHA512

    62ba80d7b55c91a2e8b7a94bce241f2f6d613cf289e3998f3379558e8a67332cb6fd2c8daf80e9979c0b4704992a15780dadc406eb319c5b43a0454e4c999221

  • SSDEEP

    6144:Tb8MPnJZSgpC7KgDZfIli03UVSydGt7y0gkbByFfA0H2ihpj6Yx:Tb8MPnJZu7KgDZAlidFd07ByRA0x5

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\df282d7ac86fd0852ff3fcef7cf85960N.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\df282d7ac86fd0852ff3fcef7cf85960N.dll
      2⤵
        PID:1132

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads