Analysis
- max time kernel: 91s
- max time network: 46s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/10/2022, 04:44
Static task
- static1
Behavioral task
- behavioral1
  Sample: ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752.dll
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752.dll
  Resource: win10v2004-20220812-en
General
- Target: ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752.dll
- Size: 114KB
- MD5: 5628c3d38b6c383283a6c45d3257d37f
- SHA1: d9e10737f3152f27a5c9071702d2ee1eeb5389a7
- SHA256: ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752
- SHA512: 7bd9dc4960e7f9e8f07299104c7183a255ca972cf2a8a0b961051662c0feda039b50470bc91d4ee5a9218476353f962dc38a6f1e035f744ac356716d0a4d53ac
- SSDEEP: 3072:v8pINCf/qPkhR8GNR/iKEbY9v46VtVpW:vxwfCPw8GL/iO9v7Xp
Malware Config
Signatures
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  4768  3596        WerFault.exe  20
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 1380 wrote to memory of 3596  1380  rundll32.exe  20
  PID 1380 wrote to memory of 3596  1380  rundll32.exe  20
  PID 1380 wrote to memory of 3596  1380  rundll32.exe  20
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752.dll,#1
  PID: 1380
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed63f671609081aa0cff5e5625cbf7b42132ec6db393055bd1fbbfdee289b752.dll,#1
    PID: 3596
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 640
      PID: 4768
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3596 -ip 3596
  PID: 3916