Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    131s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/09/2024, 09:58

General

  • Target

    a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll

  • Size

    10.5MB

  • MD5

    abda74493e06b61ea5d529fb1ef19331

  • SHA1

    a4ff549fc52d05dfb84aeb4e19113e8912aba602

  • SHA256

    a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49

  • SHA512

    f0a04eeb2c7e8959f5cfe6a973a1c07e4e7b5884f5f4e7cf6898980e2cfb1a06fc401cd7ca68385e39dee695a55a33a1dab2c2cdfbab240061486cabc6446038

  • SSDEEP

    196608:6WM7vYhYzjpz2BDvhKZu5EbNJxKtsbJc9Yrg1sf7JhU2KqVPmcei1mByKs0W:ovYiwBgE5EbNDKtsbwYrAsthUnUtmByv

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3924
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of WriteProcessMemory
      PID:5636
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Users\Admin\AppData\Local\Temp\a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll" 24406 7AB134E1-613F-4A85-A45B-761ECE6C45ED
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2896
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4128,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=944 /prefetch:8
    1⤵
      PID:2028

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\SafeNet Sentinel\Sentinel LDK\8a200880-346f-e1c6-02f0-6f81e85490d4\.434e4631\.dkffgahj

      Filesize

      140B

      MD5

      6acf24c1102c817e0473d92bd8855b3a

      SHA1

      1aba3f09540ab49b6286544c40636e58e45bb4d2

      SHA256

      453f421e18591532dba3c25df868641b8c15fb36fa5b6a1af4b3b28ad5f5f71b

      SHA512

      4019ab8c2770737a80125fe81451dfe16f4a23dd5e51f617f9d77400ef6071fc6823a55773944137c6ff974927420fb02bf61d75e5cb07df08fe686bcd0f791b

    • memory/2896-1-0x0000000011000000-0x00000000132BA000-memory.dmp

      Filesize

      34.7MB

    • memory/5636-0-0x0000000011000000-0x00000000132BA000-memory.dmp

      Filesize

      34.7MB