Analysis
- max time kernel: 194s
- max time network: 246s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/12/2022, 14:46
Static task
- static1
Behavioral tasks
- behavioral1: sample e41eefffb1b5305b60587e6bed75cfc3f4865a20a759a087f624f79cfbe8031e.dll, resource win7-20220812-en
- behavioral2: sample e41eefffb1b5305b60587e6bed75cfc3f4865a20a759a087f624f79cfbe8031e.dll, resource win10v2004-20221111-en
General
- Target: e41eefffb1b5305b60587e6bed75cfc3f4865a20a759a087f624f79cfbe8031e.dll
- Size: 40KB
- MD5: d56ea8a67bb01bc894918b7aa5414714
- SHA1: a5592cf1ab1f89c12f52bf92a14af9a581cc063e
- SHA256: e41eefffb1b5305b60587e6bed75cfc3f4865a20a759a087f624f79cfbe8031e
- SHA512: ef7a7bdad177e1c5b92f6db9b77d296e31b714b4c564d3879a4134fe947246f3ea2ad4073410fcce04c6e283aca42e88fc136dc6ef3b07008d937857b4f17462
- SSDEEP: 384:7oQ7C/MWhFFckCUaq0EY8Ra2NwQyJbtsN4/b:kUCkifzXYXQ8/b
Malware Config
Signatures
- Program crash (1 IoC)
  pid  | pid_target | Process      | procid_target
  3040 | 2236       | WerFault.exe | 80
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      | pid  | Process      | procid_target
  PID 3004 wrote to memory of 2236 | 3004 | rundll32.exe | 80
  PID 3004 wrote to memory of 2236 | 3004 | rundll32.exe | 80
  PID 3004 wrote to memory of 2236 | 3004 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe (PID 3004)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e41eefffb1b5305b60587e6bed75cfc3f4865a20a759a087f624f79cfbe8031e.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 2236)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e41eefffb1b5305b60587e6bed75cfc3f4865a20a759a087f624f79cfbe8031e.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe (PID 3040)
      C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 620
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 4992)
  C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2236 -ip 2236
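Reading the tree: the native System32 rundll32.exe (PID 3004) was handed a 32-bit DLL and relaunched its SysWOW64 counterpart (PID 2236) to host it, which is what rundll32 does on 64-bit Windows for an x86 DLL and is consistent with the arch:x86 resource tag; the WriteProcessMemory hits are the parent setting up that child. The 32-bit host then crashed while running export ordinal #1, and WerFault.exe was invoked with -p 2236 for it. The report lists no network, file or registry signatures, so this run tells you only that the DLL does not survive being loaded by rundll32 on this image. The script below is an added example by the editor, not tria.ge's own signature logic: it re-derives those three observations by running the editor's own rules over process-creation events reconstructed from this report. The Proc record, the rule names and the mapping of the report's parent/child nesting onto a ppid field are assumptions of the example.

```python
# Added example (editor's own, not tria.ge code): re-derive the three observations in this
# report's process tree from a flat list of process-creation events.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None where the report shows no parent in the tree
    image: str
    cmdline: str


# Constructed from the report's process tree: PIDs, images and command lines as listed there.
DLL = (r"C:\Users\Admin\AppData\Local\Temp"
       r"\e41eefffb1b5305b60587e6bed75cfc3f4865a20a759a087f624f79cfbe8031e.dll")
EVENTS = [
    Proc(3004, None, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    Proc(2236, 3004, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
    Proc(3040, 2236, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 620"),
    Proc(4992, None, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2236 -ip 2236"),
]

ORDINAL_RE = re.compile(r"\.dll\s*,\s*#(\d+)\s*$", re.IGNORECASE)   # "...dll,#1"
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)     # dropped in %TEMP%
WER_TARGET_RE = re.compile(r"(?:^|\s)-p\s+(\d+)")                    # WerFault's crashed PID

Finding = Tuple[str, int, int]   # (rule name, pid the rule fired on, related pid/ordinal)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(events: List[Proc]) -> List[Finding]:
    """Rule names below are the editor's own labels, not tria.ge signature names."""
    by_pid = {p.pid: p for p in events}
    findings: List[Finding] = []
    for p in events:
        name = basename(p.image)
        if name == "rundll32.exe":
            m = ORDINAL_RE.search(p.cmdline)
            if m and TEMP_RE.search(p.cmdline):
                # DLL sitting in the user's Temp directory, invoked by export ordinal
                findings.append(("rundll32_temp_dll_by_ordinal", p.pid, int(m.group(1))))
            parent = by_pid.get(p.ppid) if p.ppid is not None else None
            if (parent is not None
                    and basename(parent.image) == "rundll32.exe"
                    and parent.image.lower().startswith("c:\\windows\\system32\\")
                    and p.image.lower().startswith("c:\\windows\\syswow64\\")):
                # native rundll32 handing a 32-bit DLL to its WoW64 counterpart
                findings.append(("wow64_relaunch_32bit_dll", p.pid, parent.pid))
        elif name == "werfault.exe":
            m = WER_TARGET_RE.search(p.cmdline)
            if m and int(m.group(1)) in by_pid:
                # crash reporter started for a process that belongs to this tree
                findings.append(("crash_of_tracked_process", p.pid, int(m.group(1))))
    return findings


if __name__ == "__main__":
    for rule, pid, related in triage(EVENTS):
        print(f"{rule:32s} pid={pid} related={related}")
```

The WerFault rule deliberately keys on the `-p <pid>` argument rather than on the parent link, because the second WerFault instance (PID 4992, the `-pss` one) has no parent in the tree yet still names 2236 as the crashed process; tying crashes to command-line targets keeps both instances attached to the sample.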