Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
161s -
max time network
200s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
29/11/2022, 07:41
General
-
Target
cce3965795937eb00d13a2b48e8060ffb2ab2c972ede6014e559a37fb82a784c.dll
-
Size
764KB
-
MD5
0188a751fdabf8b2f5131972c24efde5
-
SHA1
d4b89df6ab83d449ee0643722b245d63ef488e90
-
SHA256
cce3965795937eb00d13a2b48e8060ffb2ab2c972ede6014e559a37fb82a784c
-
SHA512
1035379ae19e4e6d2d6ddc9fafd406ea2b14c9c38ee2e1b57ec62814a5477262db0132705361555d9117fdbc0bd9d58b1e6ba85ff4371ef3fe77fa59426f24d8
-
SSDEEP
12288:JNIyZN4+Wv4PLq6Okrh9ZN/hs9Dsd+mFYdpnnZ:J9TPmirh9Zdh6xpZ
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Drops file in System32 directory 1 IoCs
-
Program crash 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cce3965795937eb00d13a2b48e8060ffb2ab2c972ede6014e559a37fb82a784c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\cce3965795937eb00d13a2b48e8060ffb2ab2c972ede6014e559a37fb82a784c.dll,#12⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32mgr.exeC:\Windows\SysWOW64\rundll32mgr.exe3⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 2524⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 6083⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1264 -ip 12641⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 5096 -ip 50961⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
179KB
MD5385ebb123969c34ffd01be9af09fa85b
SHA1b02bf370f22739e500ba56e7b62d0006ca5cf42d
SHA25674a9b2721ccd34b89f5c4e5dc8683ff520e32918c3459080282f2c52c0458919
SHA512cb34932038568d508e8fbb7d7fb2ef505f63b5fff56625e36a929ebad045d9c166bda732c39876803b3311d15af7c5cc378fd0a7cccb1b60fdae1e094a59fb65
-
Filesize
179KB
MD5385ebb123969c34ffd01be9af09fa85b
SHA1b02bf370f22739e500ba56e7b62d0006ca5cf42d
SHA25674a9b2721ccd34b89f5c4e5dc8683ff520e32918c3459080282f2c52c0458919
SHA512cb34932038568d508e8fbb7d7fb2ef505f63b5fff56625e36a929ebad045d9c166bda732c39876803b3311d15af7c5cc378fd0a7cccb1b60fdae1e094a59fb65
-
Filesize
788KB
-
Filesize
788KB
-
Filesize
408KB
-
Filesize
408KB