Analysis
- max time kernel: 16s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 25/02/2025, 16:53
Static task
- static1
Behavioral task
- behavioral1: sample dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll, resource win7-20240729-en
Behavioral task
- behavioral2: sample dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll, resource win10v2004-20250217-en
General
- Target: dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll
- Size: 3.1MB
- MD5: b64d852cb8fae981566492d4e80c10c9
- SHA1: b353cc8097b9276cba42d7ba68281adbce5d2e0a
- SHA256: dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e
- SHA512: 58dca9fe5a5dfe207ed66a77cbc58d1e620ada0c062357d4cffab4e0c23cf86fe490361aaae2588381bb7afdda81903164f57546b75b3923a929e7aca28ad0fd
- SSDEEP: 49152:XlxRTtP4NngsosOTLuXZLxweUtcX25oVDn99c1/0VXNxP+5O1MA7ul:1BA+8LYuXEuDnu0VXbPMO1N
Malware Config
Signatures
-
Banload
Banload variants download malicious files, then install and execute the files.
-
Banload family
-
Checks BIOS information in registry (2 TTPs, 2 IoCs)
BIOS information is often read in order to detect sandboxing environments.
description  ioc  process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion  regsvr32.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate  regsvr32.exe
-
Event Triggered Execution: Component Object Model Hijacking (1 TTP)
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Modifies registry class (64 IoCs)
description  ioc  process
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Version\ = "1.0"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\ = "Connect Class"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CurVer\ = "NoteFavorites2021.Connect.1"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ = "Connect Class"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ProgID\ = "NoteFavorites2021.Connect.1"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352}  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ProgID  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ = "IConnect"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CLSID  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ProgID\ = "BDATuner.MPEG2TuneRequest.1"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\TypeLib  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Version  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\ = "Note Gem - Favorites Tab 2021 1.0 Type Library"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\Version = "1.0"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CurVer  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\AppID = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\0\win32  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\ = "{20216402-AE2E-4A01-81A1-0F0BA89F8885}"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Implemented Categories  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\HELPDIR  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\VersionIndependentProgID  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ProgID  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ProxyStubClsid32  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Programmable  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\CLSID  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\VersionIndependentProgID\ = "NoteFavorites2021.Connect"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32\ThreadingModel = "Apartment"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\TypeLib\Version = "1.0"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ = "BDA Tuning Model MPEG2 Tune Request"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\TypeLib\ = "{9B085638-018E-11D3-9D8E-00C04F72D980}"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect.1\CLSID\ = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\FLAGS  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{20216402-AE2E-4A01-81A1-0F0BA89F8885}\1.0\FLAGS\ = "0"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{20216403-AE2E-4A01-81A1-0F0BA89F8885}\ = "IConnect"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32\ = "C:\\Windows\\System32\\msvidctl.dll"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32\ThreadingModel = "Both"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\VersionIndependentProgID\ = "BDATuner.MPEG2TuneRequest"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\VersionIndependentProgID  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\ = "Connect Class"  regsvr32.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\NoteFavorites2021.Connect\CLSID\ = "{20216401-AE2E-4A01-81A1-0F0BA89F8885}"  regsvr32.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\Programmable  regsvr32.exe
-
Suspicious use of AdjustPrivilegeToken (2 IoCs)
description  pid  process
Token: 33  1656  regsvr32.exe
Token: SeIncBasePriorityPrivilege  1656  regsvr32.exe
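The "Checks BIOS information in registry" and "Modifies registry class" signatures above are raw event lists; what a reviewer actually wants from them is the COM registration they add up to. Reading the 64 writes, regsvr32.exe registered two classes: {20216401-AE2E-4A01-81A1-0F0BA89F8885} (ProgID NoteFavorites2021.Connect.1, InprocServer32 pointing at the submitted DLL in C:\Users\Admin\AppData\Local\Temp) and {54659997-AE7E-9524-DC29-D79920BCD584} (ProgID BDATuner.MPEG2TuneRequest.1, InprocServer32 pointing at C:\Windows\System32\msvidctl.dll). The script below is an added example, not part of the Triage report and not Hatching's code: it parses IoC lines in the format the report uses, groups the CLSID writes into per-class registrations (default name, ProgID, in-process server, threading model, subkeys), flags any class whose server DLL sits in a user-writable directory, and lists reads of registry values commonly used to fingerprint a VM. The line grammar, the user-writable path markers and the fingerprint-key list are this example's assumptions; the sample lines are copied from the signatures above.

```python
"""Parse Triage-style registry IoC lines and reconstruct the COM registrations.

Added example, not part of the Triage report and not Hatching's code. Assumed
line grammar (the process name is the last whitespace-separated token):
    Set value (<type>) <key> = "<value>" <process>
    Key created <key> <process>
    Key value queried <key> <process>
"""
import re
from collections import defaultdict

# Constructed input: a subset of the IoC lines from the report above, copied verbatim.
SAMPLE_IOCS = r"""
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion regsvr32.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ = "Connect Class" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\ProgID\ = "NoteFavorites2021.Connect.1" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dda3599f7661faee14d1fa8d7a9c2e3d1e7c0894a39ee9f47d1513993a5b9e2e.dll" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{20216401-AE2E-4A01-81A1-0F0BA89F8885}\InprocServer32\ThreadingModel = "Apartment" regsvr32.exe
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Implemented Categories\{0DE86A54-2BAA-11CF-A229-00AA003D7352} regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ = "BDA Tuning Model MPEG2 Tune Request" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\ProgID\ = "BDATuner.MPEG2TuneRequest.1" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32\ = "C:\\Windows\\System32\\msvidctl.dll" regsvr32.exe
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\InprocServer32\ThreadingModel = "Both" regsvr32.exe
"""

SET_RE = re.compile(r'^Set value \((?P<type>\w+)\) (?P<key>.+?) = "(?P<value>.*)" (?P<process>\S+)$')
KEY_RE = re.compile(r'^(?P<op>Key created|Key deleted|Key value queried) (?P<key>.+) (?P<process>\S+)$')
CLSID_RE = re.compile(r'\\Classes\\(?:Wow6432Node\\)?CLSID\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})(?P<rest>.*)$')

# Assumption: an in-process COM server under one of these deserves a closer look,
# because a standard user can drop or replace the DLL there.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")

# Assumption: a starting list of registry values commonly read to fingerprint VMs and sandboxes.
FINGERPRINT_KEYS = {k.lower() for k in (
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate",
    r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion",
)}


def parse_ioc_line(line):
    """Return {op, key, value, process} for one IoC line, or None if it does not parse."""
    line = line.strip()
    m = SET_RE.match(line)
    if m:
        # Triage prints backslashes inside values escaped ("C:\\Users"); undo that.
        return {"op": "Set value", "key": m["key"],
                "value": m["value"].replace("\\\\", "\\"), "process": m["process"]}
    m = KEY_RE.match(line)
    if m:
        return {"op": m["op"], "key": m["key"], "value": None, "process": m["process"]}
    return None


def com_registrations(events):
    """Group every operation under ...\\Classes\\CLSID\\{...} by CLSID."""
    regs = defaultdict(lambda: {"values": {}, "keys": set(), "process": None})
    for ev in events:
        m = CLSID_RE.search(ev["key"])
        if not m:
            continue
        reg = regs[m["clsid"].upper()]
        reg["process"] = ev["process"]
        # "" is the CLSID key itself; a trailing "\" in the report means the key's default value.
        sub = m["rest"].strip("\\")
        if ev["op"] == "Set value":
            reg["values"][sub] = ev["value"]
        else:
            reg["keys"].add(sub)
    return dict(regs)


def summarize(reg):
    """Pull out the fields a COM-hijack review needs for one CLSID."""
    v = reg["values"]
    return {"name": v.get(""), "progid": v.get("ProgID"), "server": v.get("InprocServer32"),
            "threading": v.get("InprocServer32\\ThreadingModel"),
            "subkeys": sorted(reg["keys"]), "process": reg["process"]}


def in_user_writable_path(path):
    p = (path or "").lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def analyze(text):
    """Parse a block of IoC lines; return registrations, flagged CLSIDs and fingerprint reads."""
    events = [e for e in (parse_ioc_line(l) for l in text.splitlines()) if e]
    regs = {clsid: summarize(r) for clsid, r in com_registrations(events).items()}
    return {
        "events": len(events),
        "registrations": regs,
        "flagged_clsids": sorted(c for c, s in regs.items() if in_user_writable_path(s["server"])),
        "fingerprint_queries": [e["key"] for e in events
                                if e["op"] == "Key value queried" and e["key"].lower() in FINGERPRINT_KEYS],
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_IOCS)
    for clsid, s in result["registrations"].items():
        flag = "  <-- server in user-writable path" if clsid in result["flagged_clsids"] else ""
        print(f"{clsid} {s['progid']} -> {s['server']} [{s['threading']}]{flag}")
    print("sandbox-fingerprint reads:", *result["fingerprint_queries"], sep="\n  ")
```

Run as a script it prints one line per registered class and the two BIOS reads; on this sample only {20216401-AE2E-4A01-81A1-0F0BA89F8885} is flagged, because its server is the submitted DLL in the user's Temp folder. A server path under the Windows directory is not proof of benign intent: the second registration still needs its CLSID and ProgID compared against a clean baseline of the same OS build before it is dismissed.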