Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

affd68b3c9...07.dll

windows7-x64

7

affd68b3c9...07.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    affd68b3c9fa435ff1cb63c097c3d583c0aca8f3390e3c7108ffdbfb78cc6907.dll

  • Size

    20KB

  • MD5

    51197d65e6362ff040cbfdebc6d5633f

  • SHA1

    4df89e82f90bf66d5bf4d81728ff3296a2addf13

  • SHA256

    affd68b3c9fa435ff1cb63c097c3d583c0aca8f3390e3c7108ffdbfb78cc6907

  • SHA512

    c459a78bdf1193406e83c1f1a86c356ca3d0040d50205dec35af9360be50a67ae3cfbb00f9eb6c2e8461885d9113a7a117beaeebfb7c3ab249d72b4bad5f4fd9

  • SSDEEP

    384:zSG/2Jp+C6QhtmruxCcdIL+0XplfCAu8UaWHuqaTlX0wG:zfYh2oCtpXPfx2OqaewG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\affd68b3c9fa435ff1cb63c097c3d583c0aca8f3390e3c7108ffdbfb78cc6907.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4120
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\affd68b3c9fa435ff1cb63c097c3d583c0aca8f3390e3c7108ffdbfb78cc6907.dll,#1
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:4292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\280A.tmp
    Filesize

    20KB

    MD5

    8f9d57c1bc9a4c1f9644bb18fe4db532

    SHA1

    52b48eab64c577602d665d25ee618a1cbdd9727f

    SHA256

    cc48fdc83d54e9a3bf934a05a4174e9db7b14b4fa2916485e60ff886988a60ed

    SHA512

    f5673c545a3f99aacd68fba67452406bddfa87e04c70de314ac80a40b8af7ab3828272092b15a48010dfbd334f6fc98f86c008e463bec37a743434e0eba116f1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\280A.tmp
    Filesize

    20KB

    MD5

    8f9d57c1bc9a4c1f9644bb18fe4db532

    SHA1

    52b48eab64c577602d665d25ee618a1cbdd9727f

    SHA256

    cc48fdc83d54e9a3bf934a05a4174e9db7b14b4fa2916485e60ff886988a60ed

    SHA512

    f5673c545a3f99aacd68fba67452406bddfa87e04c70de314ac80a40b8af7ab3828272092b15a48010dfbd334f6fc98f86c008e463bec37a743434e0eba116f1

    Download Submit

  • memory/4292-135-0x0000000000491000-0x0000000000493000-memory.dmp

    Filesize

    8KB

    Download