Analysis
max time kernel: 117s
max time network: 122s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 22/09/2023, 04:04
Static task: static1
Behavioral task: behavioral1
  Sample: 50b4176a0dfce346961f969f05c93ac287fb9707e9427aa65d073cdcdebfa705.dll
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 50b4176a0dfce346961f969f05c93ac287fb9707e9427aa65d073cdcdebfa705.dll
  Resource: win10v2004-20230915-en
General
Target: 50b4176a0dfce346961f969f05c93ac287fb9707e9427aa65d073cdcdebfa705.dll
Size: 892KB
MD5: c25a035a34e85ae5cd7b1d38a811c749
SHA1: 4b20ce87a526fe7229ff8bcac94459ee946cd16c
SHA256: 50b4176a0dfce346961f969f05c93ac287fb9707e9427aa65d073cdcdebfa705
SHA512: 282da029438af224d40e5e74f9a2a5cd49757ff436783cbccd91eb380d2159ab08b342f43867ca6881141b61f61dc69f3261dfe93a782681f5ec972cce6be34f
SSDEEP: 12288:yJwwhEMf9shbYfQ1ZpOgSo/3DKKYxmSW1BcpQAe:yJwgXsFY417DSI3OKGmrSQAe
Malware Config
Signatures
Program crash (1 IoCs)
  pid    pid_target    Process
  3024   1988          WerFault.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid    Process
  1988   rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
  description                         pid    Process        procid_target
  PID 1728 wrote to memory of 1988    1728   rundll32.exe   2
  PID 1728 wrote to memory of 1988    1728   rundll32.exe   2
  PID 1728 wrote to memory of 1988    1728   rundll32.exe   2
  PID 1728 wrote to memory of 1988    1728   rundll32.exe   2
  PID 1728 wrote to memory of 1988    1728   rundll32.exe   2
  PID 1728 wrote to memory of 1988    1728   rundll32.exe   2
  PID 1728 wrote to memory of 1988    1728   rundll32.exe   2
  PID 1988 wrote to memory of 3024    1988   rundll32.exe   1
  PID 1988 wrote to memory of 3024    1988   rundll32.exe   1
  PID 1988 wrote to memory of 3024    1988   rundll32.exe   1
  PID 1988 wrote to memory of 3024    1988   rundll32.exe   1
Processes
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 2721
  - Program crash
  PID: 3024

C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\50b4176a0dfce346961f969f05c93ac287fb9707e9427aa65d073cdcdebfa705.dll,#11
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID: 1988

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\50b4176a0dfce346961f969f05c93ac287fb9707e9427aa65d073cdcdebfa705.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 1728