Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

_abvtsr4_F.exe

windows7-x64

3

_abvtsr4_F.exe

windows10-2004-x64

3

_abvtsr4_F.ia.dll

windows7-x64

7

_abvtsr4_F.ia.dll

windows10-2004-x64

7

_abvtsr4_F.mdat.dll

windows7-x64

7

_abvtsr4_F.mdat.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2023, 11:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _abvtsr4_F.mdat.dll

  • Size

    7.5MB

  • MD5

    bf39eb2da4f28e2197431cd79124a084

  • SHA1

    f6360561ea18fc25ad59974c068778510f569a38

  • SHA256

    da9c04a0aca9e409afc8d61a052834878de7d0fc6a58bcfc1feffa3fca77d8d6

  • SHA512

    788ec679c77f08bf8d52ec48b64003269abde2c075d2dd85958a5c988faf7438cb7371c6eae4ab6e3633647ce2fe9cd2f0707f7a393218d55020ec99ee5d814c

  • SSDEEP

    98304:5HSrVU6Vx6saXmSZYne3/xJLp+gQqVnscZh51Xa33:5HqUBnscZo

Score
7/10
themida

Malware Config

Signatures

  • Themida packer 4 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\_abvtsr4_F.mdat.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\_abvtsr4_F.mdat.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2516
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 276
        3⤵
        • Program crash
        PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2516-0-0x00000000747A0000-0x0000000074F31000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2516-1-0x00000000747A0000-0x0000000074F31000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2516-2-0x0000000073620000-0x0000000073DB1000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2516-3-0x0000000073620000-0x0000000073DB1000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2516-4-0x0000000073620000-0x0000000073DB1000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2516-5-0x00000000747A0000-0x0000000074F31000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/2516-6-0x0000000073620000-0x0000000073DB1000-memory.dmp

    Filesize

    7.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.