Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

9

5ff93e4774...51.dll

windows7-x64

8

5ff93e4774...51.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    154s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551.dll

  • Size

    18KB

  • MD5

    f9e76ebccc0473bfb77bce5b487f3290

  • SHA1

    7933126f471fc86a89bc68d5d55d8cfee1c7a7ca

  • SHA256

    5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551

  • SHA512

    b5edd1dac52da7a1ba2ca00a96140cd02173c32dad0bf940e774bcd3e09e39f70ce7cc9c59ea7fd1886a4a7a7b4fceb264b542097fa4848af1ca45d2928f1b7b

  • SSDEEP

    384:RrbJ6dHMbhWpHWwn6YWBZyQQwv2vmmnmIWrZPS7:RrsNMJFYgXDv2lnmIWs7

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:3080
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4424
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ff93e47742d85a8a742588c1a5558b1f9b0b4078ee78441c72ca3484e17f551.dll,#1
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 608
          4⤵
          • Program crash
          PID:4840
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2724 -ip 2724
    1⤵
      PID:5080

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2724-133-0x0000000014960000-0x0000000014978000-memory.dmp

      Filesize

      96KB

      Download