Analysis
max time kernel: 301s
max time network: 312s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/10/2022, 09:25
Static task: static1

Behavioral task: behavioral1
  Sample: scoffed.dll
  Resource: win7-20220812-en
  3 signatures
  300 seconds

Behavioral task: behavioral2
  Sample: scoffed.dll
  Resource: win10v2004-20220812-en
  4 signatures
  300 seconds
General
Target: scoffed.dll
Size: 743KB
MD5: 861f0031d6adde4ea8fe681fe1d6070a
SHA1: 271c79a71423236dfaf109adce20efb0bbcc010a
SHA256: cedb23903ff7b26d31fc437c0747f0fc2c57aab62ff14b58f9b47c81b88c9a86
SHA512: 1fc8ec236475d0b75fe9704e5a1b9d456f58b84dd3c272e40a9f09f583aa47393ddbbfa9d7fb6bcd377adaa13d313241ce5a28214b85f58f7774ee7f1bd01a2c
SSDEEP: 12288:e+4QHixeljmtjVFJcPp+cygICZoxlSr9N6q6xMZXJMeGbX//7OT:5DXjmtjVD3cygICZwSJN6q6yZXJM5T/c
Score: 3/10
Malware Config
Signatures
Program crash (1 IoCs)
  pid    pid_target  Process       procid_target
  2732   4324        WerFault.exe  81

Suspicious behavior: EnumeratesProcesses (64 IoCs; repeated rows collapsed)
  pid    Process
  4324   rundll32.exe
  3612   wermgr.exe

Suspicious behavior: MapViewOfSection (1 IoCs)
  pid    Process
  4324   rundll32.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid    Process       procid_target
  PID 4728 wrote to memory of 4324   4728   rundll32.exe  81
  PID 4728 wrote to memory of 4324   4728   rundll32.exe  81
  PID 4728 wrote to memory of 4324   4728   rundll32.exe  81
  PID 4324 wrote to memory of 3612   4324   rundll32.exe  85
  PID 4324 wrote to memory of 3612   4324   rundll32.exe  85
  PID 4324 wrote to memory of 3612   4324   rundll32.exe  85
  PID 4324 wrote to memory of 3612   4324   rundll32.exe  85
  PID 4324 wrote to memory of 3612   4324   rundll32.exe  85
Processes
C:\Windows\system32\rundll32.exe (PID:4728, depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\scoffed.dll,#1
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe (PID:4324, depth 2)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\scoffed.dll,#1
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\WerFault.exe (PID:2732, depth 3)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 676
      - Program crash

    C:\Windows\SysWOW64\wermgr.exe (PID:3612, depth 3)
      Command line: C:\Windows\SysWOW64\wermgr.exe
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\SysWOW64\WerFault.exe (PID:4032, depth 1)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4324 -ip 4324