Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

infinst.exe

windows10-1703-x64

4

infinst.exe

windows10-2004-x64

4

x3daudio1_1.dll

windows10-1703-x64

1

x3daudio1_1.dll

windows10-2004-x64

3

xactengine2_7.dll

windows10-1703-x64

7

xactengine2_7.dll

windows10-2004-x64

7

AutoPlay/D...UP.dll

windows10-1703-x64

4

AutoPlay/D...UP.dll

windows10-2004-x64

4

AutoPlay/D...UP.exe

windows10-1703-x64

4

AutoPlay/D...UP.exe

windows10-2004-x64

4

AutoPlay/D...S.pptx

windows10-1703-x64

1

AutoPlay/D...S.pptx

windows10-2004-x64

1

AutoPlay/D...er.exe

windows10-1703-x64

7

AutoPlay/D...er.exe

windows10-2004-x64

7

AutoPlay/D...32.dll

windows10-1703-x64

4

AutoPlay/D...32.dll

windows10-2004-x64

4

AutoPlay/D...up.exe

windows10-1703-x64

7

AutoPlay/D...up.exe

windows10-2004-x64

7

autorun.exe

windows10-1703-x64

3

autorun.exe

windows10-2004-x64

3

lua5.1.dll

windows10-1703-x64

3

lua5.1.dll

windows10-2004-x64

3

lua51.dll

windows10-1703-x64

3

lua51.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    1723s
  • max time network
    1513s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    15/02/2023, 04:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lua51.dll

  • Size

    11KB

  • MD5

    7fa818f532effd80cf7c1c54676e5a0d

  • SHA1

    05ce44c8d0672c9f3ce66436c592442377e69dba

  • SHA256

    1c2d1ba8425139d45de89192d2ae4982e9581f8ae0f22b8497aa0055080237ca

  • SHA512

    38baed895bc71bb890e91a92909f6e78ad34569ce6c7efd8bd9db50080da22697a085f98a3465c3e31165fb9029644e5a0f6bc5ba17d71d7f0dcd31784f0811d

  • SSDEEP

    192:En9bwibw7JYkjcyFZNcvqr0Py3v7u8meG1+mlXzI+eN1qyOd8cw/RsT9QwHzBDkf:En9ZPvqr0uzu8meYyOd8cqsT9QwHFYf

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:868
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\lua51.dll,#1
      2⤵
        PID:4208
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 604
          3⤵
          • Program crash
          PID:8
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4208 -ip 4208
      1⤵
        PID:1116

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4208-133-0x0000000000EC0000-0x0000000000F13000-memory.dmp

        Filesize

        332KB

        Download