Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

0bfa0fcf6a...1a.dll

windows7-x64

1

0bfa0fcf6a...1a.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    133s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 02:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0bfa0fcf6a253fc612d0e96d830f2b1a.dll

  • Size

    592KB

  • MD5

    0bfa0fcf6a253fc612d0e96d830f2b1a

  • SHA1

    3ff055e3546c5b869ca236eb05e112e8d3529586

  • SHA256

    f5438b33c04c17156c4ee9a39402bacab40a3429acc4d521c8065d2f6c9c2dfd

  • SHA512

    3220b1cca15400a2fa1467753503192cb9729dda132337357d90bde83fdcbdf0c6f411b6ea5ce2f3f70857f7f1162ed808a22ee2d842e6172649db926d02b118

  • SSDEEP

    12288:1jqeEY+XSnBrJ9VHXQclhrTmshjCnd6ghPEsASHkg6d1jqV+nxp:1+nY+iP3Qem1nMIshGkjTjqav

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bfa0fcf6a253fc612d0e96d830f2b1a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bfa0fcf6a253fc612d0e96d830f2b1a.dll,#1
      2⤵
        PID:2764

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2764-0-0x0000000020000000-0x000000002000B000-memory.dmp

      Filesize

      44KB

      Download