Analysis
max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/11/2022, 14:35
Behavioral task: behavioral1
Sample: 293277bae19a6ab3a9da50644a956c22d83ee198214d03c3f2c2e5b49c4332c6.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 293277bae19a6ab3a9da50644a956c22d83ee198214d03c3f2c2e5b49c4332c6.dll
Resource: win10v2004-20220812-en
General
Target: 293277bae19a6ab3a9da50644a956c22d83ee198214d03c3f2c2e5b49c4332c6.dll
Size: 16KB
MD5: 6eb3d2c0227e3414f5fad94c9d6ed770
SHA1: 4c05e57102661cef5cba40d9a31754b7814b9831
SHA256: 293277bae19a6ab3a9da50644a956c22d83ee198214d03c3f2c2e5b49c4332c6
SHA512: 63ad971692feeaaf2e0e82c9a604fb553f6c08c0d4009bd0076a64a1063823dbb2819c4764c9936bf00a070bb610ef31866915b45d23d84fcb93c1e7a84a1351
SSDEEP: 384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlw:SYW6rGpUIJmLNlXFba
Malware Config
Signatures
resource | yara_rule
behavioral2/memory/1496-133-0x0000000010000000-0x000000001000F000-memory.dmp | upx

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
2880 | 1496 | WerFault.exe | 28

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1500 wrote to memory of 1496 | 1500 | rundll32.exe | 28
PID 1500 wrote to memory of 1496 | 1500 | rundll32.exe | 28
PID 1500 wrote to memory of 1496 | 1500 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\293277bae19a6ab3a9da50644a956c22d83ee198214d03c3f2c2e5b49c4332c6.dll,#1
  PID: 1500
  signature: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\293277bae19a6ab3a9da50644a956c22d83ee198214d03c3f2c2e5b49c4332c6.dll,#1
    PID: 1496
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 600
      PID: 2880
      signature: Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1496 -ip 1496
  PID: 924