Analysis
max time kernel:  135s
max time network: 153s
platform:         windows10-2004_x64
resource:         win10v2004-20230221-en
resource tags:    arch:x64 arch:x86 image:win10v2004-20230221-en locale:en-us os:windows10-2004-x64 system
submitted:        30/05/2023, 15:07
Static task: static1
  1 signature

Behavioral task: behavioral1
  Sample:     graphically.dat.dll
  Resource:   win7-20230220-en
  1 signature, 150 seconds

Behavioral task: behavioral2
  Sample:     graphically.dat.dll
  Resource:   win10v2004-20230221-en
  2 signatures, 150 seconds
General
Target: graphically.dat.dll
Size:   970KB
MD5:    422ad05af02621d0f875bd363c05b200
SHA1:   1f75554831149e4f60fe618f4e3f52bc57b90f0d
SHA256: 0c578d6d7ac421b2f995100273bd8e77b6fce55ea41d04e9996bd016d8ee2804
SHA512: a7728db04965badac22494ba1786d01e99dc8b34f60ea70db92009d33ed23d0780b31f1fd8bcf277fb4e5efcc101db9f533cfc4d7bc78081d3b16285a23840d9
SSDEEP: 24576:D7AkdHt+UnNtqbVotX4Dw/9JGCZdBK/+NYouXFPn/yd4/:DZ8RDwlJGoY7X/
Score:  3/10
Malware Config
Signatures

Program crash (1 IoC)
pid   pid_target  Process       procid_target
4716  4084        WerFault.exe  84

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 3980 wrote to memory of 4084  3980  rundll32.exe  84
PID 3980 wrote to memory of 4084  3980  rundll32.exe  84
PID 3980 wrote to memory of 4084  3980  rundll32.exe  84
Processes (process tree; indentation shows parent/child relationship)

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\graphically.dat.dll,#1
  PID: 3980
  signatures: Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\graphically.dat.dll,#1
    PID: 4084

    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 600
      PID: 4716
      signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 4084 -ip 4084
  PID: 2772