Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

a8f12d981b...f9.dll

windows7-x64

7

a8f12d981b...f9.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 22:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8f12d981b8c220a2cf6bb6e8c50a7f257ff3addec49309811c18e9c8f759ef9.dll

  • Size

    20KB

  • MD5

    6e019e4e6971cc69a72737ea40fd9798

  • SHA1

    f6d2acb9f5bbf7d24c12189c0f03be25d35839c8

  • SHA256

    a8f12d981b8c220a2cf6bb6e8c50a7f257ff3addec49309811c18e9c8f759ef9

  • SHA512

    fb1f234d1bd9e0094f5aff626a3814ac559944fcd2b4c4aa24de073c7ff567d85071537256259a72f9deb648ff869683738334e2b7f7cd20f2757c27a7585647

  • SSDEEP

    384:zSG/2Jp+C6QhtmruxCcdIL+0Xpl5CAu8UaWHuqaTlX0wG:zfYh2oCtpXP5x2OqaewG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8f12d981b8c220a2cf6bb6e8c50a7f257ff3addec49309811c18e9c8f759ef9.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8f12d981b8c220a2cf6bb6e8c50a7f257ff3addec49309811c18e9c8f759ef9.dll,#1
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:5072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9B1C.tmp
    Filesize

    20KB

    MD5

    b414208aaeb67a3eb620bf14de2b0edd

    SHA1

    fc31eaa8ba0e41290018119ca245589cb0d2124d

    SHA256

    be0757105019c1961f3705c1473485e598903654ec452cb9d197d7070d7e4e77

    SHA512

    8550a3bff46146ee3a69167f4ab4451fea5e29f3800356ff74bb21880766ea387fd88e2fe11a854089442c017e7ab0e4adf9757889db9e23dcc60647b6d1c516

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9B1C.tmp
    Filesize

    20KB

    MD5

    b414208aaeb67a3eb620bf14de2b0edd

    SHA1

    fc31eaa8ba0e41290018119ca245589cb0d2124d

    SHA256

    be0757105019c1961f3705c1473485e598903654ec452cb9d197d7070d7e4e77

    SHA512

    8550a3bff46146ee3a69167f4ab4451fea5e29f3800356ff74bb21880766ea387fd88e2fe11a854089442c017e7ab0e4adf9757889db9e23dcc60647b6d1c516

    Download Submit

  • memory/5072-135-0x00000000014B1000-0x00000000014B3000-memory.dmp

    Filesize

    8KB

    Download