Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

d1d3cf433e...e0.dll

windows7_x64

3

d1d3cf433e...e0.dll

windows10_x64

3

Analysis

  • max time kernel
    125s
  • max time network
    172s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    06/08/2021, 12:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d1d3cf433e871d3aa6836ddb87578cbf494603f6f4a8918f36aea5816c6ce5e0.dll

  • Size

    135KB

  • MD5

    2512bc611f3477627381e7b69fd3dfc0

  • SHA1

    4de71f730b57d672c3ccc9a655fd9e347b5462f9

  • SHA256

    d1d3cf433e871d3aa6836ddb87578cbf494603f6f4a8918f36aea5816c6ce5e0

  • SHA512

    ec71f2e14f38fd1aa8956ff38417cefbbebf35d2b79f70ac242f946cc7870a99c06329ee142a7fdc6c47e7ba27461065db38747eacf309b265d495c8e9b032f7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1d3cf433e871d3aa6836ddb87578cbf494603f6f4a8918f36aea5816c6ce5e0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1d3cf433e871d3aa6836ddb87578cbf494603f6f4a8918f36aea5816c6ce5e0.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1920
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 224
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1920-61-0x0000000075AA1000-0x0000000075AA3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1996-64-0x0000000000580000-0x0000000000581000-memory.dmp

    Filesize

    4KB

    Download