Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

6b9229b923...e8.dll

windows7-x64

3

6b9229b923...e8.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    152s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 08:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b9229b923bf8180dc15a3dca486186407a63bc476581f1433d12002c2ebd5e8.dll

  • Size

    450KB

  • MD5

    56a9abbc30fba3e9bae7fc86a9868460

  • SHA1

    29e0037981ba66bf36e29ad56314385b9083fd99

  • SHA256

    6b9229b923bf8180dc15a3dca486186407a63bc476581f1433d12002c2ebd5e8

  • SHA512

    d3e1bb1bbeeff774f7fd91a4195a507cd58bbfb175668f74393b3849514328ac5db4df74a5c8ba1dda2fd3e15a26a67d8aa2b92fc64a0aa8b039f1f1cad552c9

  • SSDEEP

    6144:pks9DWUfS8PB29UxUo5K9vj8XJi3d8cag4VJfTmEgtYercN+cGzK0ONVcswSy8Y:p/fS8P0eGiK4AyeONaswSf0z0P

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b9229b923bf8180dc15a3dca486186407a63bc476581f1433d12002c2ebd5e8.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3516
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b9229b923bf8180dc15a3dca486186407a63bc476581f1433d12002c2ebd5e8.dll,#1
      2⤵
        PID:4336
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 572
          3⤵
          • Program crash
          PID:4856
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4336 -ip 4336
      1⤵
        PID:4936

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads