Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

test_00690000.bin.dll

windows7_x64

3

test_00690000.bin.dll

windows10_x64

3

Resubmissions

12/05/2021, 09:09

210512-ll8v73rjm6 10

12/07/2020, 13:12

200712-aaxsfptbdx 10

Analysis

  • max time kernel
    111s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    12/05/2021, 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    test_00690000.bin.dll

  • Size

    204KB

  • MD5

    82401a076fce0af2b913f8c904d8c9e3

  • SHA1

    eadfb9becbe7b2e8dc9aaf1f09aac0276df4b2ec

  • SHA256

    84b87be120ec7d63af6e791e1642c63d4d83c09a1726f3b036c19547ccbef6be

  • SHA512

    8f53fc66a4413295e9b47878b8d4706d6115d308d91b2728656791e7c2ed38df29552dda5cd2537d71f81d17f3ba470e271a24e99d6b8ca8892a22daa3335bbe

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\test_00690000.bin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\test_00690000.bin.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1580
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 232
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:1636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1580-60-0x0000000076281000-0x0000000076283000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1636-62-0x0000000000880000-0x0000000000881000-memory.dmp

    Filesize

    4KB

    Download