Analysis
max time kernel: 141s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/07/2023, 13:53
Static task: static1

Task | Sample | Resource
behavioral1 | CRACK/Geometry Dash.url | win10v2004-20230703-en
behavioral2 | CRACK/no mega hack/GDDLLLoader.dll | win10v2004-20230703-en
behavioral3 | CRACK/no mega hack/adaf-dll/zBot.dll | win10v2004-20230703-en
behavioral4 | CRACK/no mega hack/libcurl.dll | win10v2004-20230703-en
behavioral5 | CRACK/zBot crack.dll | win10v2004-20230703-en

General
Target: CRACK/no mega hack/libcurl.dll
Size: 515KB
MD5: 8b39e7ff6fc59522fcc15fbd2ea5d380
SHA1: 62a0a3a8e2f439b564aed4c22968e55f81000d31
SHA256: 0a5fd94b70de3fa777e0ee3d558aaf872ab8d88df830c096d9e0cfc6686c8ac3
SHA512: d4eb14963532a8ed09950f60deae2cd7557654cc5de5b039e7153896cd9deb31d5be0fe0d9e7aa016030a7d48bff07d127e29fb92f612bfe1ac97e9e3461059d
SSDEEP: 12288:v9L2y6C3ciWnbanyo9Y8WSHsXE9uygmD/KGB3elPaxppG+XHO+8GAbHuPKuHv1AK:1LTx289pG+LAbHuPSWw4lV

Malware Config
Signatures

Program crash (1 IoCs)
pid | pid_target | Process | procid_target
1584 | 2600 | WerFault.exe | 86

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 636 wrote to memory of 2600 | 636 | rundll32.exe | 86
PID 636 wrote to memory of 2600 | 636 | rundll32.exe | 86
PID 636 wrote to memory of 2600 | 636 | rundll32.exe | 86

Processes
- C:\Windows\system32\rundll32.exe (PID:636)
  Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CRACK\no mega hack\libcurl.dll",#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID:2600)
    Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CRACK\no mega hack\libcurl.dll",#1
    - C:\Windows\SysWOW64\WerFault.exe (PID:1584)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 644
      Signature: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID:4724)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2600 -ip 2600