Analysis
max time kernel: 94s
max time network: 106s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/10/2022, 15:18
Static task: static1
Behavioral task: behavioral1
Sample: dc1a71f3165372ff08df0794d0c98d8194de188e89aa0bfac973240f14003941.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: dc1a71f3165372ff08df0794d0c98d8194de188e89aa0bfac973240f14003941.dll
Resource: win10v2004-20220812-en
General
Target: dc1a71f3165372ff08df0794d0c98d8194de188e89aa0bfac973240f14003941.dll
Size: 8KB
MD5: 7326cef584f120bb1d2e8b793ab16c3d
SHA1: f1ebca90febaa44dc730cc90ebe8832fa0bca2e2
SHA256: dc1a71f3165372ff08df0794d0c98d8194de188e89aa0bfac973240f14003941
SHA512: 036317beebe123a87f5b4904dd10a4d219da09017e4fd28c97d52e084d843304c290bfbe7362bd35a96b6781427be590731766fabbac418607a168563eb20b83
SSDEEP: 192:nzF8rA/xdowlOJAGGwlGVfjJWa/Zt2DIG:zyE/o8OjGwlGVfj8CmIG
Malware Config
Signatures
Program crash (1 IoCs)
pid    pid_target    Process         procid_target
4568   4864          WerFault.exe    80

Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid    Process         procid_target
PID 4952 wrote to memory of 4864    4952   rundll32.exe    80
PID 4952 wrote to memory of 4864    4952   rundll32.exe    80
PID 4952 wrote to memory of 4864    4952   rundll32.exe    80
Processes
- C:\Windows\system32\rundll32.exe (PID: 4952)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc1a71f3165372ff08df0794d0c98d8194de188e89aa0bfac973240f14003941.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 4864)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc1a71f3165372ff08df0794d0c98d8194de188e89aa0bfac973240f14003941.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID: 4568)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 544
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID: 4924)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4864 -ip 4864