Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

04e388933e...33.dll

windows7-x64

10

04e388933e...33.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29/12/2023, 21:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    04e388933eab8600c45e65e2470c6b33.dll

  • Size

    236KB

  • MD5

    04e388933eab8600c45e65e2470c6b33

  • SHA1

    6ab499dd9e9d14578db0bed8fb7ca63a4a08e1d2

  • SHA256

    dd14d8c8bf76437503cc28ae10cdbf2d7a914833c5a111b368bd1a7433ec7201

  • SHA512

    175f89cfcf465ebad4d7752d18ced332e927f2e13b9de40220305cd259c5db9f14e1b3a4480d8fe41db92116556230de650a16b1bc8282490c1fb581cf9f3864

  • SSDEEP

    1536:1dKaTHN2ymZ0ofa5uQm4V7HG8ldINh+RhFtFftCgpcGO5lPf/XG8GmGwktbG:1Y4tIQG8XAmbFfaGc1fawk1G

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 2 IoCs
    persistence
  • Loads dropped DLL 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04e388933eab8600c45e65e2470c6b33.dll,#1
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    PID:2028
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\04e388933eab8600c45e65e2470c6b33.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\SysWOW64\pwfff.dll
    Filesize

    3KB

    MD5

    d2ea601e249809349bf317e4e97451e4

    SHA1

    3b18e9ec802bc60c8e8a48bd1dc2933a658e7551

    SHA256

    62092009e080eabd26386bd6d1b4a064f6c1389a12b21a8e33b6ff7e682c34bc

    SHA512

    31ec1c407e8a68596b95c7ba92268d6674c9ae274223c4be6bc92f2ba6beb15d6a1e15acf4b386d8017f7ee1a463ff50b72f1879e71f7f3845c718410d9b80d1

    Download Submit

  • memory/2028-1-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download

  • memory/2028-7-0x0000000076680000-0x0000000076720000-memory.dmp

    Filesize

    640KB

    Download

  • memory/2028-6-0x0000000000400000-0x0000000000444000-memory.dmp

    Filesize

    272KB

    Download