Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
92s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
18/11/2022, 10:31
General
-
Target
UkBuGFiaRxAAfl.dll
-
Size
970KB
-
MD5
a779d5cf3fa450bdf0f540054861ba62
-
SHA1
4fe25852f69640e87e240b5e4bc46fdfc76782c7
-
SHA256
2911bdd99140387cbc8761826aacc3c9de0ccb511255aa58790955d8337e2edf
-
SHA512
1db51d312dfa647038d2c0c9afbd11852b4bdb177a07894f84db04d3547a3d06257900c597f9bb514bfcdcfd027fbcbe22552dbf73262f8f6e30920025ea3f50
-
SSDEEP
12288:ZZ33fS04yxlif6aS8dqJJzkvyo4w9faJ+1NEDeX4d8FWkPQz8028ez+R7Fnjmz2q:ZZ33agIddqFY9CJ+1V4oWdY8ec7BjI4
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\UkBuGFiaRxAAfl.dll,#11⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4528 -s 3282⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 412 -p 4528 -ip 45281⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe UkBuGFiaRxAAfl.dll #12⤵
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 3004 -s 3443⤵
- Program crash
-
-
-
C:\Windows\system32\rundll32.exerundll32.exe UkBuGFiaRxAAfl.dll #22⤵
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 524 -p 3004 -ip 30041⤵