Analysis
- max time kernel: 147s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/12/2023, 22:58
Static task
- static1: 1 signatures

Behavioral task
- behavioral1
  Sample: 41ab914bf970b95cfd24570507a1641d.dll
  Resource: win7-20231215-en
  1 signatures, 150 seconds

Behavioral task
- behavioral2
  Sample: 41ab914bf970b95cfd24570507a1641d.dll
  Resource: win10v2004-20231215-en
  2 signatures, 150 seconds
General
- Target: 41ab914bf970b95cfd24570507a1641d.dll
- Size: 85KB
- MD5: 41ab914bf970b95cfd24570507a1641d
- SHA1: bce6876fc38ffbd3c93b5fa54a6c78ccb7976cf9
- SHA256: 39cc1f20a86743d944825d71586232b10e13e51837c5d2337f32c304a85a5d1d
- SHA512: b1580e7e30a2350c3d092604e9d5c0740de7b9ea30544f1c0418df67c7260be651854079128bdcc8ce57aa3ff8761608020a731a90b4bb1b93172e6e94627094
- SSDEEP: 1536:5gmZk7ctwuOh8zyunm68m5hBlBk0eSs1NZ4YLN+eezXqgmICULHr3gN:5gmZmctwJUywmrm5hRMSaMf7mI3a

Score: 3/10
Malware Config
Signatures

- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  4644  1344        WerFault.exe  17

- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 3296 wrote to memory of 1344  3296  rundll32.exe  17
  PID 3296 wrote to memory of 1344  3296  rundll32.exe  17
  PID 3296 wrote to memory of 1344  3296  rundll32.exe  17
Processes

- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41ab914bf970b95cfd24570507a1641d.dll,#1
  1⤵ PID:1344

  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 620
    2⤵ PID:4644
    - Program crash

- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41ab914bf970b95cfd24570507a1641d.dll,#1
  1⤵ PID:3296
  - Suspicious use of WriteProcessMemory

- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1344 -ip 1344
  1⤵ PID:1992