Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

b31ebf17f1...da.dll

windows7-x64

7

b31ebf17f1...da.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    13s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 21:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada.dll

  • Size

    20KB

  • MD5

    c647d48ed976640c62bcf5b30025441f

  • SHA1

    8bfab0ecf668659287d12f452664b9efc4d8c9bd

  • SHA256

    b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada

  • SHA512

    e407dacea5f16a524be01244704471d97e6d5d9c92dd9ad67a8caf5b252ed3702b6427040e8ec9e99f8860ddf850a014d2538c09f08e2ec630aeb2f5b21f9f11

  • SSDEEP

    384:zSG/2Jp+C6QhtmruxCcdIL+0Xpl8CAu8UaWHuqaTlX0wG:zfYh2oCtpXP8x2OqaewG

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada.dll,#1
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      PID:1372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\4B25.tmp
    Filesize

    20KB

    MD5

    e43ff8faf63cf4962799be767cd6c539

    SHA1

    78500ffe81e9e9866df75a779f4ee18789636421

    SHA256

    0b7a07ca52f4ae8fdbf82319a35b0f4493e1db6ce849bb59abaefb26a81c9f94

    SHA512

    56e0ab5966b137bac6ff0b9af2fcaf73f03c69c4eca2ded3af8de986aae4d8004db9c82f7f2ee68cbebfa2f8ed811939ec5a2316a7cc9c1397f29a5692466ae1

    Download Submit

  • memory/1372-55-0x0000000076041000-0x0000000076043000-memory.dmp

    Filesize

    8KB

    Download