Analysis

  • max time kernel
    152s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/11/2022, 08:33

General

  • Target

    6f3089e7b2ae92d2c4a1562e00481f4330042fa2209e43b964db7b3dfa41b6d7.dll

  • Size

    384KB

  • MD5

    2275b6bd70ffbaefbc7626e2793d2b90

  • SHA1

    1d6fdf895f49e97e10e3f21d98451908d5582248

  • SHA256

    6f3089e7b2ae92d2c4a1562e00481f4330042fa2209e43b964db7b3dfa41b6d7

  • SHA512

    1eb8ea7a4cdf9291619501aad2593dcc32cb5503dbdd974a00f8c0d6052aaa015c715752e8240b03d8aaca138fe2ecd078f4bee2e62c363f1a6c05e145368f63

  • SSDEEP

    6144:uStBN2/13tjxkEWjlRwiprPa6Cm7lO6bcM9SH4TzlKcqWhJX6VD2:uStBN2JtFkEWpBlhCmhO6bcRuKGhJCD2

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in System32 directory (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f3089e7b2ae92d2c4a1562e00481f4330042fa2209e43b964db7b3dfa41b6d7.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:3404
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f3089e7b2ae92d2c4a1562e00481f4330042fa2209e43b964db7b3dfa41b6d7.dll,#1
      • Writes to the Master Boot Record (MBR)
      • Drops file in System32 directory
      PID:3648

Network

MITRE ATT&CK Enterprise v6
