Analysis
Max time kernel: 142s
Max time network: 147s
Platform: windows10-2004_x64
Resource: win10v2004-20230831-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 02/09/2023, 08:32
Static task: static1
Behavioral task: behavioral1
  Sample: fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb.dll
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb.dll
  Resource: win10v2004-20230831-en
General
Target: fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb.dll
Size: 4.5MB
MD5: 5d537254370fb7f3256524e6e74743d0
SHA1: e931de448f728bc9910dbb85e91e74e05e7ead0e
SHA256: fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb
SHA512: c0389f2af34f8f2b95d0c6bfd91e1a53c7e90186c19b15d67571a7cabe76b5a3ddc8cad02ca2354a0d29742fc643b9c90243605ae359ad013dfd486da5beaf15
SSDEEP: 98304:JAZdwZomsjDGwYYtQddncl5oVb/lbGWRB2A:OQmMYedFcl5oVb/R7B2A
Malware Config
Signatures
Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  228   4552         WerFault.exe   83

Suspicious use of WriteProcessMemory (3 IoCs)
  description                          pid    Process        procid_target
  PID 1224 wrote to memory of 4552     1224   rundll32.exe   83
  PID 1224 wrote to memory of 4552     1224   rundll32.exe   83
  PID 1224 wrote to memory of 4552     1224   rundll32.exe   83
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb.dll,#1
  PID: 1224
  Signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd8f87b0b7d9a02fc7afe9a0a3dff67a8f0306e241046bdda8ecca1294e400eb.dll,#1
    PID: 4552
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 696
      PID: 228
      Signatures: Program crash
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4552 -ip 4552
  PID: 3176