Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

4056-403-0...ry.dll

windows7-x64

1

4056-403-0...ry.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2023, 17:36 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4056-403-0x0000000002ED0000-0x0000000003001000-memory.dll

  • Size

    1.2MB

  • MD5

    582dd05d9e59b04df3d560564e8b43f2

  • SHA1

    4fce94ad3c3de84d7b187b910cb927341c89e939

  • SHA256

    e77235aa49e949cb4ed2132d199ab5ce440335f8a9f9e56ecc8ef50e70ce8f77

  • SHA512

    b65f4ffcf4e01e0a0737dd00bec607e8ebc8a2b8c8998d6f3e494ebeb9cb07d7319abcdf953dd8a2634b67c4bdfd2cbb48b0744d4cf17024ac3b97b03fb85c9a

  • SSDEEP

    24576:3C7CI9TZDEWk1wCy0zaG9cQA91ftxmbfYQJZKJDS:7I99DEWVtQA9Zmn0Z

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4056-403-0x0000000002ED0000-0x0000000003001000-memory.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2436 -s 56
      2⤵
        PID:2448

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.