Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
137s -
max time network
74s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
26/12/2023, 12:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6ec8108b351c0766f4a04ec7aa4b37bb.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
6ec8108b351c0766f4a04ec7aa4b37bb.dll
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
6ec8108b351c0766f4a04ec7aa4b37bb.dll
-
Size
92KB
-
MD5
6ec8108b351c0766f4a04ec7aa4b37bb
-
SHA1
3225e298f344b290ef3340b6d66498339c2adefe
-
SHA256
29828dee79dc20847ee00ce0cacea333485270b0fd3cc7e03ed6ce2e384428a4
-
SHA512
3759cf849f532b464ec3d1c6d7624cf46f978659978b81a3dd77dc7b3728bdfd8249207df1b1d43a01156d58a9cbc62912603d924b3086935e2fedc6b932ea2f
-
SSDEEP
1536:37BcvfaiPAlGewIrMifHM1x431M5d4e8qu/E6BRLuFVQTuLpIfUJ:3Nc6BlGewIrV44FM5Oe8qutUFyuWsJ
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 652 1372 WerFault.exe 14 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4860 wrote to memory of 1372 4860 rundll32.exe 14 PID 4860 wrote to memory of 1372 4860 rundll32.exe 14 PID 4860 wrote to memory of 1372 4860 rundll32.exe 14
Processes
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6ec8108b351c0766f4a04ec7aa4b37bb.dll,#11⤵PID:1372
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 5802⤵
- Program crash
PID:652
-
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6ec8108b351c0766f4a04ec7aa4b37bb.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4860
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1372 -ip 13721⤵PID:808