Analysis
- max time kernel: 140s
- max time network: 177s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/12/2023, 08:30
Static task
- static1: 1 signatures
Behavioral task
- behavioral1: Sample 5fe77d6be52dc63d5ac67974b1a890cb.dll, Resource win7-20231129-en, 2 signatures, 150 seconds
- behavioral2: Sample 5fe77d6be52dc63d5ac67974b1a890cb.dll, Resource win10v2004-20231215-en, 2 signatures, 150 seconds
General
- Target: 5fe77d6be52dc63d5ac67974b1a890cb.dll
- Size: 4KB
- MD5: 5fe77d6be52dc63d5ac67974b1a890cb
- SHA1: 4374cd7a944d1fd1355766d5f904fe49f246a35f
- SHA256: 7dfe6d44b9d931764b56362c4cac2bcb21521b64afc4f93bfd7afa56f1e13872
- SHA512: 667e4bc7f8bbcda73a1683786195bde397f0ca77a8a73fe3efed304fe7c620379735189cb65817b5cb2cc0265cde604d42d5c44607b5335668467a887954ea8d
- SSDEEP: 48:q7mLuoDpJtYt3RTTOZdsdjV9s0XLXYUXLXvrk7c+hpztU/tW:A6G9RTAdQ9FnDo7ccltU/tW
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid: 3964, pid_target: 4984, Process: WerFault.exe, procid_target: 88
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 3144 wrote to memory of 4984, pid: 3144, Process: rundll32.exe, procid_target: 88
  description: PID 3144 wrote to memory of 4984, pid: 3144, Process: rundll32.exe, procid_target: 88
  description: PID 3144 wrote to memory of 4984, pid: 3144, Process: rundll32.exe, procid_target: 88
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fe77d6be52dc63d5ac67974b1a890cb.dll,#1
  PID: 3144 (Suspicious use of WriteProcessMemory)
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5fe77d6be52dc63d5ac67974b1a890cb.dll,#1
    PID: 4984
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 612
      PID: 3964 (Program crash)
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4984 -ip 4984
  PID: 3164