Analysis
max time kernel: 151s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/12/2022, 10:19
Behavioral task
behavioral1
Sample
72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll
Resource
win10v2004-20220812-en
General
Target: 72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll
Size: 16KB
MD5: c2477c2061085f10d7446db144e591b0
SHA1: 42b46422d89865cd38524976428bff1b88b93b86
SHA256: 72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a
SHA512: 644857fcb060b778ceb47c4db1387184043d7bd28412dd4e52d68892b0a5678067f08d25d7f13ccb96603ccda9fb19969f9bc3dd1ee78e161f3bec054c6fb2a7
SSDEEP: 384:S9a7L+KQ6B1WiXZopmPgzXmRYElh1LB9RTlnXLRbzlQ9:SYW6rGpUIJmLNlXFbq
Malware Config
Signatures

resource                                                                      yara_rule
behavioral2/memory/3136-133-0x0000000010000000-0x000000001000F000-memory.dmp  upx

Program crash (1 IoCs)
pid   pid_target  Process       procid_target
4696  3136        WerFault.exe  78

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 2820 wrote to memory of 3136  2820  rundll32.exe  78
PID 2820 wrote to memory of 3136  2820  rundll32.exe  78
PID 2820 wrote to memory of 3136  2820  rundll32.exe  78
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll,#1
  PID: 2820
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\72b2a44b468f442b9dbde86bf33c36fb83530bc3dd8efc76d9c2321e7b6cfe3a.dll,#1
    PID: 3136
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 600
      PID: 4696
      Program crash

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3136 -ip 3136
  PID: 4880