Analysis
- max time kernel: 94s
- max time network: 111s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/10/2022, 15:57
Static task: static1
Behavioral task: behavioral1
- Sample: 670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392.dll
- Resource: win10v2004-20220812-en
General
- Target: 670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392.dll
- Size: 68KB
- MD5: 90fee9b73bee1934ce5f51f91295a02c
- SHA1: 391117c8c230176d18c0f3c40145798d91eedb2c
- SHA256: 670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392
- SHA512: cda5b1a8c7f52046b6ad0a8aa1ea37430f3fca3af35fc616afbf89cfa87f78cb599c87de9b01a48ef48f686be4273d83cf5366e5202806ff867915916e199d62
- SSDEEP: 1536:JpcvBq2h8vA15cY3iMXYgDbSX9oz7BW9R84:Jp+hL1iY3DWNIBW9y4
Malware Config
Signatures
- Program crash (1 IoC)
  pid   pid_target  Process       procid_target
  4704  4540        WerFault.exe  78
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 2924 wrote to memory of 4540  2924  rundll32.exe  78
  PID 2924 wrote to memory of 4540  2924  rundll32.exe  78
  PID 2924 wrote to memory of 4540  2924  rundll32.exe  78
Processes
- C:\Windows\system32\rundll32.exe (PID 2924)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 4540)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\670c1aad04ec7fb0c93e5eee075293f179f9fa308e510827de96812b56269392.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID 4704)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 544
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 4604)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4540 -ip 4540