Analysis
- max time kernel: 145s
- max time network: 158s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 23:46
Static task
- static1: 2 signatures

Behavioral task
- behavioral1: Sample 208601c86066c950673e3f03626dc09b.dll, Resource win7-20231129-en, 1 signatures, 150 seconds

Behavioral task
- behavioral2: Sample 208601c86066c950673e3f03626dc09b.dll, Resource win10v2004-20231215-en, 2 signatures, 150 seconds
General
- Target: 208601c86066c950673e3f03626dc09b.dll
- Size: 24KB
- MD5: 208601c86066c950673e3f03626dc09b
- SHA1: 2a483bbc69be89c56524653a5a003e942ef3c2cc
- SHA256: e0c7007238c113f363cadc18914061680e82f3e20e9dfde6e188344d93db609a
- SHA512: 78378f21cd704c9a50dcce4c32c805bacc858c7e003a98c1709aa980725a544e477ea00d507d844a734be09756d240758704ab0f3e815c0f2c3d6a6f8df47543
- SSDEEP: 768:SpMGQuW00SXm8qcZ1augDdkfc5qJumUWPsYIY0:SyGQDSXmQMdklumUWPsYZ

Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  1980  3228        WerFault.exe  88
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 2112 wrote to memory of 3228  2112  rundll32.exe  88
  PID 2112 wrote to memory of 3228  2112  rundll32.exe  88
  PID 2112 wrote to memory of 3228  2112  rundll32.exe  88
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\208601c86066c950673e3f03626dc09b.dll,#1
  PID: 2112
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\208601c86066c950673e3f03626dc09b.dll,#1
    PID: 3228
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 632
      PID: 1980
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3228 -ip 3228
  PID: 3716