Analysis
- max time kernel: 143s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/12/2022, 05:07
Behavioral tasks
- behavioral1
  Sample: c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll
  Resource: win7-20220812-en
- behavioral2
  Sample: c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll
  Resource: win10v2004-20220812-en
General
- Target: c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll
- Size: 948KB
- MD5: 9efb5cd4417774092c04db240eb032c2
- SHA1: 833c366b69f5f6bb1349aab053177fa876a49a99
- SHA256: c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55
- SHA512: 5700366e46023d4fa65ece1c44303c682288080f4d9f58eb009811395d127a21da89e831099760be36f5c70a273c1700ceb2586c65485598785ef29881faaddf
- SSDEEP: 24576:DAfAqkKADwGdHAWVmzmlJjo/7mqzmXkCqIZ+cfxtMB1:ppsKHNmzmlJUTIfdfxtM
Malware Config
Signatures
- VMProtect packed file (yara rule matches)
  resource | yara_rule
  behavioral2/memory/2360-133-0x0000000010000000-0x000000001027B000-memory.dmp | vmprotect
  behavioral2/memory/2360-138-0x0000000010000000-0x000000001027B000-memory.dmp | vmprotect
- Program crash (1 IoC)
  pid | pid_target | Process | procid_target
  552 | 2360 | WerFault.exe | 80
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description | pid | Process
  Token: SeDebugPrivilege | 2360 | rundll32.exe
  Token: 33 | 2360 | rundll32.exe
  Token: SeIncBasePriorityPrivilege | 2360 | rundll32.exe
- Suspicious use of SetWindowsHookEx (64 IoCs)
  pid | Process
  2360 | rundll32.exe (the same row is repeated for all 64 IoCs)
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2220 wrote to memory of 2360 | 2220 | rundll32.exe | 80 (the same row is repeated for all 3 IoCs)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll,#1
  PID: 2220
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll,#1
    PID: 2360
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 780
      PID: 552
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 2360 -ip 2360
  PID: 5048