Analysis
- max time kernel: 142s
- max time network: 176s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/10/2022, 17:54
- Static task: static1
- Behavioral task: behavioral1
  Sample: a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926.dll
  Resource: win7-20220812-en
- Behavioral task: behavioral2
  Sample: a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926.dll
  Resource: win10v2004-20220812-en
General
- Target: a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926.dll
- Size: 102KB
- MD5: 75428b98daaeb1264a586657f58b83a6
- SHA1: 685edb26b54f9b5c3269f2e9cce53b5b6d82394b
- SHA256: a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926
- SHA512: 22a22702c7f39cd7ecf04a78649eefb3c3350c9ca3bd66f62fdcb0249bd23c93bc2dc7a7c53184bd59df14f1c1c745755ae1664abd7826f7443ba257de074adc
- SSDEEP: 3072:+lCzDJFl3fy+g9xMCmGwfroAsYDsvwjFvRvMU:wCz53fy+rCmfy2jMU
Malware Config
Signatures
- Program crash (1 IoC)
  pid    pid_target   Process        procid_target
  4868   3900         WerFault.exe   81
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process        procid_target
  PID 4284 wrote to memory of 3900    4284   rundll32.exe   81
  PID 4284 wrote to memory of 3900    4284   rundll32.exe   81
  PID 4284 wrote to memory of 3900    4284   rundll32.exe   81
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926.dll,#1
  PID: 4284
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7f61e68d01a19a7aeaaab30e06ab569f8e95876abcd431f668d21f94e292926.dll,#1
    PID: 3900
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 544
      PID: 4868
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3900 -ip 3900
  PID: 2488