Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    41s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 10:19

General

  • Target

    72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll

  • Size

    16KB

  • MD5

    c2477c2061085f10d7446db144e591b0

  • SHA1

    42b46422d89865cd38524976428bff1b88b93b86

  • SHA256

    72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a

  • SHA512

    644857fcb060b778ceb47c4db1387184043d7bd28412dd4e52d68892b0a5678067f08d25d7f13ccb96603ccda9fb19969f9bc3dd1ee78e161f3bec054c6fb2a7

  • SSDEEP

    384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlQ9:SYW6rGpUIJmLNlXFbq

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:992
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:928
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 228
        3⤵
        • Program crash
        PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/928-55-0x0000000076561000-0x0000000076563000-memory.dmp

    Filesize

    8KB

  • memory/928-57-0x0000000010000000-0x000000001000F000-memory.dmp

    Filesize

    60KB