Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

de31742538...42.dll

windows7-x64

8

de31742538...42.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    4s
  • max time network
    34s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/10/2022, 21:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de31742538940969a5949b1e2343775a4ae3cbb960284c4b140cf90e49d70242.dll

  • Size

    73KB

  • MD5

    006f62def479b56aea5a32c4bfd5a8a0

  • SHA1

    3ece33765e1196046e96ed9f39bc894d6138e7c2

  • SHA256

    de31742538940969a5949b1e2343775a4ae3cbb960284c4b140cf90e49d70242

  • SHA512

    b70f87271136401fc495f426e8fafa7f758f830acbe7c925017e218ba31b61cb21c59e39f361cda1fc88ed2618287e88c61ef8f0e10a245c2e606587fd3bf8c6

  • SSDEEP

    1536:omgrayLgKh8/HIYNcn0CUjWrPyzVmgaghTuItF9Bmx/v2n6:oNkKh8/HIYNc0bWTyzV9acTztdmxX

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\de31742538940969a5949b1e2343775a4ae3cbb960284c4b140cf90e49d70242.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3832
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\de31742538940969a5949b1e2343775a4ae3cbb960284c4b140cf90e49d70242.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:436
      • C:\Users\Admin\AppData\Local\Temp\hrl8F25.tmp
        C:\Users\Admin\AppData\Local\Temp\hrl8F25.tmp
        3⤵
        • Executes dropped EXE
        PID:4980
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 1096
          4⤵
          • Program crash
          PID:3140
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4980 -ip 4980
    1⤵
      PID:4924

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\hrl8F25.tmp
      Filesize

      34KB

      MD5

      46b3f66a360f6a08fa026f05d0996185

      SHA1

      9759ac3cf1498ecc105fba0864d0ad1135ce8074

      SHA256

      2a962ac77426e364d10998946cef608a98d3c59cccb850bdf0ffde99fb6793fd

      SHA512

      9d83cd4fa40ada7aff5ef12033cf23bdeca63bffeeb3c03327c7fe4249f0e5c986654f4fa2a54df23e3c5e93d79436796680dff25e754871f0dcbea9c7931dfe

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\hrl8F25.tmp
      Filesize

      50KB

      MD5

      d3c9a6cf3ba7ce2619c9fc70ed1464ed

      SHA1

      e22c356649ad4ab13cb3041ad87bc3bb0c71cc5b

      SHA256

      1c594f44bca5d52444859b3ba54a09a6f3f5e80c98d1ed8b1c3cf8b8f68f2ce4

      SHA512

      4895ad84ff74835a21a66df6b12c96b731368d4a3751dbaba6ab236177b071a93ba031447be71bbc87d397fea61a3fe9ec13ce9a68ceced3f20996600a173e53

      Download Submit

    • memory/4980-136-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4980-137-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download