Analysis
- max time kernel: 173s
- max time network: 180s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07/11/2022, 15:41
Behavioral task behavioral1
- Sample: 3464b96b49d1c4e520aa049b7181e216e060957d69295453de5f340e5b7364fc.dll
- Resource: win7-20220812-en
Behavioral task behavioral2
- Sample: 3464b96b49d1c4e520aa049b7181e216e060957d69295453de5f340e5b7364fc.dll
- Resource: win10v2004-20220812-en
General
- Target: 3464b96b49d1c4e520aa049b7181e216e060957d69295453de5f340e5b7364fc.dll
- Size: 107KB
- MD5: 13008e428e27f6ba6085a98085199748
- SHA1: 7c5d0b4aa6f67d98b7c33211cb927621976334dd
- SHA256: 3464b96b49d1c4e520aa049b7181e216e060957d69295453de5f340e5b7364fc
- SHA512: 4f9af0fa72aa0152dfe230dde8cd732b24fb625612cedfec3658b4dea1e136dce5a8711ffd9cd943f1d9f1c9fd00040f4b42b3de36059636298b30f6161bf6cb
- SSDEEP: 768:TGXJc6eVqOmus7GG9+CbIUoroTksOOnt+khADerrVZ5G3dahinsjGcctbhKVSZpS:TGZcqO4GGA6951yahpSc3V2f8H89PY
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  3440 | 924 | WerFault.exe | 79
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1236 wrote to memory of 924 | 1236 | rundll32.exe | 79
  PID 1236 wrote to memory of 924 | 1236 | rundll32.exe | 79
  PID 1236 wrote to memory of 924 | 1236 | rundll32.exe | 79
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3464b96b49d1c4e520aa049b7181e216e060957d69295453de5f340e5b7364fc.dll,#1
  PID: 1236
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3464b96b49d1c4e520aa049b7181e216e060957d69295453de5f340e5b7364fc.dll,#1
    PID: 924
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 544
      PID: 3440
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 924 -ip 924
  PID: 3424