Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 131s
max time network: 133s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/09/2024, 09:58
Static task: static1
Behavioral task: behavioral1
  Sample: a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll
  Resource: win10v2004-20240802-en
General
Target: a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll
Size: 10.5MB
MD5: abda74493e06b61ea5d529fb1ef19331
SHA1: a4ff549fc52d05dfb84aeb4e19113e8912aba602
SHA256: a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49
SHA512: f0a04eeb2c7e8959f5cfe6a973a1c07e4e7b5884f5f4e7cf6898980e2cfb1a06fc401cd7ca68385e39dee695a55a33a1dab2c2cdfbab240061486cabc6446038
SSDEEP: 196608:6WM7vYhYzjpz2BDvhKZu5EbNJxKtsbJc9Yrg1sf7JhU2KqVPmcei1mByKs0W:ovYiwBgE5EbNDKtsbwYrAsthUnUtmByv
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | regsvr32.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | regsvr32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier | regsvr32.exe

Enumerates system info in registry (2 TTPs, 2 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | regsvr32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | regsvr32.exe

Suspicious use of WriteProcessMemory (6 IoCs)
  description | pid | process | procid_target
  PID 3924 wrote to memory of 5636 | 3924 | regsvr32.exe | 90
  PID 3924 wrote to memory of 5636 | 3924 | regsvr32.exe | 90
  PID 3924 wrote to memory of 5636 | 3924 | regsvr32.exe | 90
  PID 5636 wrote to memory of 2896 | 5636 | regsvr32.exe | 91
  PID 5636 wrote to memory of 2896 | 5636 | regsvr32.exe | 91
  PID 5636 wrote to memory of 2896 | 5636 | regsvr32.exe | 91
Processes
C:\Windows\system32\regsvr32.exe
  regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll
  PID: 3924
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll
    PID: 5636
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    - Enumerates system info in registry
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      "C:\Users\Admin\AppData\Local\Temp\a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll" 24406 7AB134E1-613F-4A85-A45B-761ECE6C45ED
      PID: 2896
      - System Location Discovery: System Language Discovery
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4128,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=944 /prefetch:8
  PID: 2028
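The signature hits above are all derived from two kinds of raw IoC: registry keys opened by a process, and the process tree (64-bit regsvr32 loading the DLL, re-launching the SysWOW64 regsvr32 for a 32-bit image, which then spawns rundll32 with the same DLL; the WriteProcessMemory rows are parent-to-child writes along that same 3924 -> 5636 -> 2896 chain). The following is an added example written for this page by the editor, not Triage's own signature engine: it re-derives the three registry signatures and flags the regsvr32/rundll32-from-%TEMP% lineage from process-creation records. All inputs are constructed from the rows on this page; the ATT&CK technique IDs (T1614.001, T1082) are the editor's mapping to the technique names, which the page gives without IDs. Note that reads of the NLS, CentralProcessor and BIOS keys are also routine in benign software (licensing and hardware-fingerprinting code, for instance), so on their own they are weak evidence; the value here is in tying them to the lineage that executed the DLL.

```python
# Added example (editor's code, not part of the Triage report): re-derive this
# report's signature hits from its raw IoCs, the way a detection engineer turns
# a sandbox report into host-side logic. Inputs are constructed from the rows on
# this page; the ATT&CK IDs are the editor's mapping (the page names the
# techniques but not their IDs).
import re

SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\a271ab91d28144427110c8cae31f41faff04454085c8673fe7c299e1eca3fd49.dll")

# (process, registry key) pairs, as listed under the three registry signatures.
REGISTRY_OPENS = [
    ("regsvr32.exe", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("rundll32.exe", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
    ("regsvr32.exe", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0"),
    ("regsvr32.exe", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier"),
    ("regsvr32.exe", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"),
    ("regsvr32.exe", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
]

# Process-creation records (Sysmon Event ID 1 style fields) reconstructed from
# the process tree on this page. ppid=None marks a root the sandbox started.
PROCESS_EVENTS = [
    {"pid": 3924, "ppid": None, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": "regsvr32 /s " + SAMPLE_DLL},
    {"pid": 5636, "ppid": 3924, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": "/s " + SAMPLE_DLL},
    {"pid": 2896, "ppid": 5636, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": '"' + SAMPLE_DLL + '" 24406 7AB134E1-613F-4A85-A45B-761ECE6C45ED'},
    {"pid": 2028, "ppid": None,
     "image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "cmdline": r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility'},
]

# Native-path patterns behind each signature on the page. ControlSet001 and
# CurrentControlSet are both accepted because kernel-level tracing logs the
# resolved control set. Technique IDs: editor's mapping to ATT&CK Enterprise v15.
REGISTRY_RULES = [
    (re.compile(r"^\\REGISTRY\\MACHINE\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)"
                r"\\Control\\NLS\\Language$", re.I),
     "System Location Discovery: System Language Discovery", "T1614.001"),
    (re.compile(r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\", re.I),
     "Checks processor information in registry", "T1082"),
    (re.compile(r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\BIOS(\\|$)", re.I),
     "Enumerates system info in registry", "T1082"),
]


def classify_registry(opens):
    """Map each (process, key) pair to the first matching signature and return
    {signature: {"technique": id, "processes": sorted names, "iocs": count}}."""
    hits = {}
    for proc, key in opens:
        for rx, name, tid in REGISTRY_RULES:
            if rx.search(key):
                h = hits.setdefault(name, {"technique": tid, "processes": set(), "iocs": 0})
                h["processes"].add(proc.lower())
                h["iocs"] += 1
                break
    return {n: {"technique": h["technique"], "processes": sorted(h["processes"]),
                "iocs": h["iocs"]} for n, h in hits.items()}


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def lineage(events, pid):
    """Ancestor chain for pid, root first, following the ppid links in events."""
    by_pid = {e["pid"]: e for e in events}
    chain = []
    while pid in by_pid:
        chain.append(pid)
        pid = by_pid[pid]["ppid"]
    return chain[::-1]


# A DLL under a user's Temp directory on the command line of a LOLBin.
USER_TEMP_DLL = re.compile(r'[A-Za-z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\s"]+\.dll', re.I)
LOLBINS = {"regsvr32.exe", "rundll32.exe"}


def find_lolbin_temp_dll(events):
    """Flag regsvr32/rundll32 instances whose command line names a DLL under a
    user's Temp directory, and report their lineage. On this page that yields
    the 64-bit regsvr32, the WOW64 regsvr32 it spawned, and the rundll32 child."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if _basename(e["image"]) not in LOLBINS:
            continue
        m = USER_TEMP_DLL.search(e["cmdline"])
        if not m:
            continue
        chain = lineage(events, e["pid"])
        findings.append({"pid": e["pid"], "dll": m.group(0),
                         "chain": [_basename(by_pid[p]["image"]) for p in chain]})
    return findings


if __name__ == "__main__":
    for name, h in classify_registry(REGISTRY_OPENS).items():
        print(f"{name} [{h['technique']}] {h['iocs']} IoCs via {', '.join(h['processes'])}")
    for f in find_lolbin_temp_dll(PROCESS_EVENTS):
        print(f"PID {f['pid']}: {' -> '.join(f['chain'])} executing {f['dll']}")
```

Run as-is it reproduces the page's counts (2 IoCs per registry signature, the language key touched by both regsvr32.exe and rundll32.exe) and prints the three-process lineage; the msedge utility process is ignored because it is neither a LOLBin nor part of the chain.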
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\ProgramData\SafeNet Sentinel\Sentinel LDK\8a200880-346f-e1c6-02f0-6f81e85490d4\.434e4631\.dkffgahj
  Filesize: 140B
  MD5: 6acf24c1102c817e0473d92bd8855b3a
  SHA1: 1aba3f09540ab49b6286544c40636e58e45bb4d2
  SHA256: 453f421e18591532dba3c25df868641b8c15fb36fa5b6a1af4b3b28ad5f5f71b
  SHA512: 4019ab8c2770737a80125fe81451dfe16f4a23dd5e51f617f9d77400ef6071fc6823a55773944137c6ff974927420fb02bf61d75e5cb07df08fe686bcd0f791b