Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
2s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
06/12/2022, 06:35
General
-
Target
dfad3171659c959cbff470e5c3f531a067936427e29c7f2b4c7b73961cefab35.dll
-
Size
872KB
-
MD5
6f4d1a91a7c28a62c5b2418e41ea4281
-
SHA1
03dc605be3edb6069a90190102389f7bb0be7163
-
SHA256
dfad3171659c959cbff470e5c3f531a067936427e29c7f2b4c7b73961cefab35
-
SHA512
5cfa1c46674124a3d5d6a0e7b1b44197d52bb2e687ac88064bce175b6e1ab32668292a355b2786e805a6b0f88475f43288aab81cf9dc82b514ea4b744c459212
-
SSDEEP
12288:4oSScBnDaAOeeO6kEAVokag6lIw48W0vOHzD:4oSR+zOnEuoLg6lB48W0vOHzD
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 28 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dfad3171659c959cbff470e5c3f531a067936427e29c7f2b4c7b73961cefab35.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\dfad3171659c959cbff470e5c3f531a067936427e29c7f2b4c7b73961cefab35.dll,#12⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 3723⤵
- Program crash
-
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB