Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
7Static
static
7Wopti.v7.9...ab.dll
windows7-x64
1Wopti.v7.9...ab.dll
windows10-2004-x64
3Wopti.v7.9...ag.dll
windows7-x64
1Wopti.v7.9...ag.dll
windows10-2004-x64
1Wopti.v7.9...ta.dll
windows7-x64
1Wopti.v7.9...ta.dll
windows10-2004-x64
1Wopti.v7.9...ct.sys
windows7-x64
1Wopti.v7.9...ct.sys
windows10-2004-x64
1Wopti.v7.9...2P.dll
windows7-x64
1Wopti.v7.9...2P.dll
windows10-2004-x64
3Wopti.v7.9...es.exe
windows7-x64
7Wopti.v7.9...es.exe
windows10-2004-x64
7Wopti.v7.9...be.dll
windows7-x64
1Wopti.v7.9...be.dll
windows10-2004-x64
1Wopti.v7.9...��.url
windows7-x64
1Wopti.v7.9...��.url
windows10-2004-x64
1Wopti.v7.9...��.exe
windows7-x64
7Wopti.v7.9...��.exe
windows10-2004-x64
7Analysis
-
max time kernel
139s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
19/07/2024, 11:46
Behavioral task
behavioral1
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/D3DX81ab.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/D3DX81ab.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiDefrag.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral4
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiDefrag.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiDefragVista.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiDefragVista.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiHWDetect.sys
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiHWDetect.sys
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiP2P.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiP2P.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiUtilities.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiUtilities.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/Woptiglobe.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/Woptiglobe.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/新云软件.url
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/新云软件.url
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/磁盘整理功能补丁.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
Wopti.v7.91.Build.9.115.By.MyCrack/磁盘整理功能补丁.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
Wopti.v7.91.Build.9.115.By.MyCrack/WoptiDefragVista.dll
-
Size
325KB
-
MD5
4f4c862fe3e8cbbb99cf93564c090853
-
SHA1
e5de2908b77bf900dedce3db3c99e5c38af88b14
-
SHA256
0976abceadd157349532a2a699982f551c8055f3134d54d3a20054856734f9e4
-
SHA512
673c49c183243f8ff79d19a178290f848869119f350ba377c41173d461c178d8c2d297b0849c102bb2da19004c0f84d70a4fd562c017628e429f852aae2b949c
-
SSDEEP
3072:sg3YY8AftwcpYRJUnaZCiWEtJInefesMSKjdrlLzhT+HfOak9N361ljU6XtiYD1m:5IFBtJ49sMSKjdrtzofkAlgYDB5EZ9n
Malware Config
Signatures
-
Modifies registry class 64 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\NewDefrag.DLL\AppID = "{0947B227-E954-4F30-A537-9A1B03985984}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\VersionIndependentProgID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NewDefrag.NewDefragControl\ = "NewDefragControl Class" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\TypeLib\ = "{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}\1.0\HELPDIR\ regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\TypeLib\Version = "1.0" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\NumMethods\ = "47" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\TypeLib regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}\1.0\FLAGS regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{0947B227-E954-4F30-A537-9A1B03985984} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\TypeLib\ = "{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NewDefrag.NewDefragControl\CurVer regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Wopti.v7.91.Build.9.115.By.MyCrack\\WoptiDefragVista.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}\1.0\0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\ = "INewDefragControl" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\InProcServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\AppID = "{0947B227-E954-4F30-A537-9A1B03985984}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}\1.0\ = "NewDefrag 1.0 ÀàÐÍ¿â" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Wopti.v7.91.Build.9.115.By.MyCrack\\WoptiDefragVista.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\ProxyStubClsid32 regsvr32.exe Key created \REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\WOW6432Node\Interface regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}\1.0 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\TypeLib\ = "{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\ = "PSFactoryBuffer" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\NewDefrag.DLL regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NewDefrag.NewDefragControl\CLSID\ = "{CFBE9BC0-DD42-4134-A5F5-C721A8329749}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\ = "INewDefragControl" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NewDefrag.NewDefragControl\CurVer\ = "NewDefrag.NewDefragControl.1" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\ProgID regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\NumMethods regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\NewDefrag.NewDefragControl.1\CLSID\ = "{CFBE9BC0-DD42-4134-A5F5-C721A8329749}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\VersionIndependentProgID\ = "NewDefrag.NewDefragControl" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\TypeLib regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\TypeLib\Version = "1.0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\NewDefrag.NewDefragControl.1\CLSID regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\ProgID\ = "NewDefrag.NewDefragControl.1" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\TypeLib\ = "{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\TypeLib\ = "{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\ProxyStubClsid32\ = "{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\ = "NewDefragControl Class" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\Programmable regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{0D2DA3FE-347F-497F-9CFC-B62D07FF8AB9}\1.0\0\win32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Wopti.v7.91.Build.9.115.By.MyCrack\\WoptiDefragVista.dll" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749} regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CFBE9BC0-DD42-4134-A5F5-C721A8329749}\InprocServer32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\ = "_INewDefragControlEvents" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\ = "_INewDefragControlEvents" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F2BBC3A4-E559-4CAF-896F-FAD4CD3FDFDB}\ProxyStubClsid32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A25FE7DA-BEEA-49DD-AEAA-791A3B80E7E0}\InProcServer32\ThreadingModel = "Both" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{0947B227-E954-4F30-A537-9A1B03985984}\ = "NewDefrag" regsvr32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 644 wrote to memory of 3224 644 regsvr32.exe 84 PID 644 wrote to memory of 3224 644 regsvr32.exe 84 PID 644 wrote to memory of 3224 644 regsvr32.exe 84
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\Wopti.v7.91.Build.9.115.By.MyCrack\WoptiDefragVista.dll1⤵
- Suspicious use of WriteProcessMemory
PID:644 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\Wopti.v7.91.Build.9.115.By.MyCrack\WoptiDefragVista.dll2⤵
- Modifies registry class
PID:3224
-