Analysis
- max time kernel: 92s
- max time network: 129s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/12/2022, 05:52
Static task
- static1

Behavioral task
- behavioral1
  Sample: 32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9.dll
  Resource: win7-20220812-en

Behavioral task
- behavioral2
  Sample: 32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9.dll
  Resource: win10v2004-20220812-en
General
- Target: 32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9.dll
- Size: 102KB
- MD5: b69835407a7062329cf2baa2026f5670
- SHA1: 869c4a8dcc378b44904404a95a0c839b4f042f70
- SHA256: 32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9
- SHA512: cac16b450f60908346f60428fd90620ae1b6f78165853c1463b509b5c3b16c60da6d9df3a07a4b9266ad28a44bad21c50d90b2a56f57ef2ce6342439075b0fd6
- SSDEEP: 48:hx60j205VRgSF5aXqaukgk/png7fFJjMmbu:7201gwpkyPg
Malware Config
Signatures
- Program crash (1 IoCs)
  pid    pid_target    Process         procid_target
  3744   4932          WerFault.exe    81

- Suspicious use of WriteProcessMemory (3 IoCs)
  description                         pid    Process        procid_target
  PID 3160 wrote to memory of 4932    3160   rundll32.exe   81
  PID 3160 wrote to memory of 4932    3160   rundll32.exe   81
  PID 3160 wrote to memory of 4932    3160   rundll32.exe   81
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 3160
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\32fe6dec101f3a7a9efd16655370bf7b04b1fcdc112f9f2f31112f0ab1cb98d9.dll,#1
    PID: 4932
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 552
      Signatures: Program crash
      PID: 3744
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4932 -ip 4932
  PID: 2076