Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

9cdd65c799...5c.dll

windows7-x64

8

9cdd65c799...5c.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/10/2022, 13:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9cdd65c79921a2dd62616ab5b94dcd7123d13038fc097627f91162e4d9a3db5c.dll

  • Size

    667KB

  • MD5

    a086e03be718ed752d880d21ab9cdb50

  • SHA1

    3d720f928d9791696365bfc19d0bdc4ca371c55e

  • SHA256

    9cdd65c79921a2dd62616ab5b94dcd7123d13038fc097627f91162e4d9a3db5c

  • SHA512

    1c73e1170f2c438cf18fdcf586b4bde3afaf98c013554000f33ca0e7e276aa3c3b521b281a012fe4848dbe5902bb512c2c6ae5ad8d16c929c810155c82e95ee5

  • SSDEEP

    12288:bzb9rMfc+CKUQyUmjtc4euuzPrs9pGp8hunWoopooK9kwP:bzb1MlCKUQyUmjtczu6Prs9pgWoopoo6

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9cdd65c79921a2dd62616ab5b94dcd7123d13038fc097627f91162e4d9a3db5c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:648
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9cdd65c79921a2dd62616ab5b94dcd7123d13038fc097627f91162e4d9a3db5c.dll,#1
      2⤵
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4796
      • C:\Windows\SysWOW64\rundll32Srv.exe
        C:\Windows\SysWOW64\rundll32Srv.exe
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:1464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    10KB

    MD5

    9f7f94a22e1ed7f03995292038b35b98

    SHA1

    c4c5a6e26687e788b3a0859aa0e6f1917a7334c2

    SHA256

    a7a43eef41b32a366e865ca71c160ff23e831cce9a28937ff7cd212acd2109e3

    SHA512

    f775bbddc1f594984c5f7d7b88d211d5ddbd54d2fed1c92ae11b5007f6ef3e00b614f729253c77b8f1471b328dbd6be585309414b4310f0c2840dedb9a743bb4

    Download Submit

  • C:\Windows\SysWOW64\rundll32Srv.exe
    Filesize

    10KB

    MD5

    9f7f94a22e1ed7f03995292038b35b98

    SHA1

    c4c5a6e26687e788b3a0859aa0e6f1917a7334c2

    SHA256

    a7a43eef41b32a366e865ca71c160ff23e831cce9a28937ff7cd212acd2109e3

    SHA512

    f775bbddc1f594984c5f7d7b88d211d5ddbd54d2fed1c92ae11b5007f6ef3e00b614f729253c77b8f1471b328dbd6be585309414b4310f0c2840dedb9a743bb4

    Download Submit

  • memory/1464-137-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1464-138-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4796-136-0x0000000005000000-0x00000000050AC000-memory.dmp

    Filesize

    688KB

    Download