Analysis
max time kernel: 147s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/10/2022, 16:57
Behavioral task: behavioral1
Sample: 3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll
Resource: win10v2004-20220812-en
General
Target: 3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll
Size: 94KB
MD5: 595f6335fbaa81038533cf0b43375b41
SHA1: 8baa187cf8cd08c6786b8b2f5c1589c0a2094c76
SHA256: 3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27
SHA512: e3cafb18b3e57f4482ccccdc90f5d1cd1034b2b8764489491c4e95c0932c340ebb0cc8fb39f8de46627924c9fe277a5f15f619459c74ab3a2c86c5cfc5a0584c
SSDEEP: 1536:dC42owFQhOndUNOyTV0Xvn8RPpPEzA/7tK9i3y8/Pmgz+amTOwrPVsEP4awac:dFhw9d6TQ8sA/7U9axJzfZwrNsEnM
Malware Config
Signatures
YARA rule match
  resource                                                                    yara_rule
  behavioral2/memory/4904-133-0x0000000010000000-0x000000001000F000-memory.dmp  upx
Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  4820  4904        WerFault.exe  82
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 4960 wrote to memory of 4904  4960  rundll32.exe  82
  PID 4960 wrote to memory of 4904  4960  rundll32.exe  82
  PID 4960 wrote to memory of 4904  4960  rundll32.exe  82
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll,#1
  PID: 4960
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll,#1
      PID: 4904
        C:\Windows\SysWOW64\WerFault.exe
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 572
          PID: 4820
          - Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4904 -ip 4904
  PID: 4856