Overview

Score  Task                  Platform
3      Static                static
3      cvery.comd...LB.vbs   windows7-x64
1      cvery.comd...LB.vbs   windows10-2004-x64
1      cvery.comd...ad.dll   windows7-x64
3      cvery.comd...ad.dll   windows10-2004-x64
3      cvery.comd...ain.js   windows7-x64
3      cvery.comd...ain.js   windows10-2004-x64
3      cvery.comd...mo.htm   windows7-x64
3      cvery.comd...mo.htm   windows10-2004-x64
3      cvery.comd...t1.exe   windows7-x64
3      cvery.comd...t1.exe   windows10-2004-x64
Analysis (score 3)

max time kernel: 141s
max time network: 20s
platform: windows7_x64
resource: win7-20240729-en
resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
submitted: 22/08/2024, 09:43
Tasks

static1 (Static task)
behavioral1: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/ASPTypeLibrary_TLB.vbs on win7-20240705-en
behavioral2: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/ASPTypeLibrary_TLB.vbs on win10v2004-20240802-en
behavioral3: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/FileUpload.dll on win7-20240729-en
behavioral4: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/FileUpload.dll on win10v2004-20240802-en
behavioral5: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/Main.js on win7-20240708-en
behavioral6: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/Main.js on win10v2004-20240802-en
behavioral7: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/Web Demo/demo.htm on win7-20240708-en
behavioral8: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/Web Demo/demo.htm on win10v2004-20240802-en
behavioral9: cvery.comdel9204534525/Project1.exe on win7-20240704-en
behavioral10: cvery.comdel9204534525/Project1.exe on win10v2004-20240802-en
General

Target: cvery.comdel9204534525/Delphi写ASP组件实现快速多文件WEB上传/FileUpload.dll
Size: 411KB
MD5: fb49d1f67ba5cfa89d375c87f5f60546
SHA1: be2f62ddc05ec2c75cc96691ab0e6b852a71c2ad
SHA256: 5a28a512d0757044faecb6b54e2e13c09de1f2a32aa5bc6d5f401a3d9db9731b
SHA512: bf8a6716b027fd879e5055c5d4c3b22386df794ca5b60ea852cabfe812b5df5b85d195809a69dd33de417a38c1b8f66433b0da87f84519d458d237dfcb93c6fa
SSDEEP: 12288:819yf+Y2sf504HFeK0vAd7i2vtImQ2IB:81kWYq4HnjI6

Malware Config

Signatures
Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  1632  1584        WerFault.exe  30

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                           Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  regsvr32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
  description                       pid   Process       procid_target
  PID 2232 wrote to memory of 1584  2232  regsvr32.exe  30             (7 identical entries)
  PID 1584 wrote to memory of 1632  1584  regsvr32.exe  31             (4 identical entries)
Processes

1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cvery.comdel9204534525\Delphi写ASP组件实现快速多文件WEB上传\FileUpload.dll
   PID: 2232
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\regsvr32.exe
      Command line: /s C:\Users\Admin\AppData\Local\Temp\cvery.comdel9204534525\Delphi写ASP组件实现快速多文件WEB上传\FileUpload.dll
      PID: 1584
      - System Location Discovery: System Language Discovery
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\WerFault.exe
         Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 292
         PID: 1632
         - Program crash