Analysis
max time kernel: 140s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 30/12/2023, 03:22
Behavioral task behavioral1
Sample: 0ccf06d959a7ecb84001e82c4a93cc59.dll
Resource: win7-20231215-en
3 signatures, 150 seconds

Behavioral task behavioral2
Sample: 0ccf06d959a7ecb84001e82c4a93cc59.dll
Resource: win10v2004-20231215-en
3 signatures, 150 seconds
General
Target: 0ccf06d959a7ecb84001e82c4a93cc59.dll
Size: 13KB
MD5: 0ccf06d959a7ecb84001e82c4a93cc59
SHA1: 776ee8354c042aaeff50dc48b66132002afb5fdd
SHA256: 1c6d6b3ddea8e478a2cb1a71f2aa4ebd849d3d422d12b3d271796c01eb3ab2f8
SHA512: aa69be6024a98d4ed7f7711e02fe3f1e755232d84d9ea9b9e728cef6e5552c645a6f3a5cab17b54e89c3cf00c481da8713eaa5469e95538f4b39b994c69477c0
SSDEEP: 384:Roga7P3zobB7vU7uTMxNsmE0a5dj/DaNJawcudoD7U:CgaXQ5UCMxNsmEr5dKnbcuyD7U
Score: 7/10
Malware Config
Signatures

YARA rule match: upx
resource                                                                      yara_rule
behavioral1/memory/2516-0-0x0000000010000000-0x000000001000A000-memory.dmp    upx
behavioral1/memory/2516-1-0x0000000010000000-0x000000001000A000-memory.dmp    upx
behavioral1/memory/2516-2-0x0000000010000000-0x000000001000A000-memory.dmp    upx

All three hits are dumps of the same 0x10000000-0x1000A000 mapping in PID 2516, i.e. the DLL's own in-memory image (0x10000000 is the linker's default image base for 32-bit DLLs), captured three times over the run. The 0xA000 (40 KB) image is noticeably larger than the 13 KB file on disk, which is what a UPX-packed binary looks like once it has unpacked itself in memory.

Program crash (1 IoC)
pid    pid_target  Process
1836   2516        WerFault.exe

Suspicious use of WriteProcessMemory (11 IoCs)
description                          pid    Process        procid_target
PID 2080 wrote to memory of 2516     2080   rundll32.exe   17             (7 identical entries)
PID 2516 wrote to memory of 1836     2516   rundll32.exe   16             (4 identical entries)

The seven writes from 2080 into 2516 occur while the 64-bit rundll32.exe sets up the 32-bit child it hands the DLL to; the four writes from 2516 into 1836 occur while the crashing process starts WerFault.exe. Neither set points at injection into an unrelated process, so on their own they do not raise the score the way a write into, say, explorer.exe would.
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ccf06d959a7ecb84001e82c4a93cc59.dll,#1
  PID: 2080
  signatures: Suspicious use of WriteProcessMemory
  └─ C:\Windows\SysWOW64\rundll32.exe
       command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ccf06d959a7ecb84001e82c4a93cc59.dll,#1
       PID: 2516
       signatures: Suspicious use of WriteProcessMemory

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 244
  PID: 1836
  signatures: Program crash

Reading the tree: the sandbox invokes the DLL's export ordinal #1 through the 64-bit rundll32.exe in system32 (PID 2080). A 64-bit process cannot load a 32-bit DLL, so rundll32.exe re-launches the identical command line under the WOW64 copy in SysWOW64 (PID 2516); that is the process in which the export actually runs and from which the upx-flagged image was dumped. PID 2516 then crashed, and WerFault.exe (PID 1836) was started to handle it, with -p 2516 naming the faulting process. Because the crash happens inside the WOW64 host, whatever the DLL was going to do after its unpacking stub ran did not get far in this run, which is consistent with the report carrying no extracted Malware Config.
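The arch tags, the system32 to SysWOW64 rundll32.exe hand-off, and the upx hits on the 0x10000000-0x1000A000 dumps all follow from a handful of fields in the DLL's PE header. The script below is an added example and is not part of the tria.ge report or of the sample: since the DLL itself is not on this page, it builds a constructed, header-only stand-in for a 32-bit UPX-packed DLL, parses the fields that drive those observations (Machine, optional-header magic, ImageBase, SizeOfImage, section names) and derives the rundll32.exe host path and the expected in-memory range. The names build_sample_pe, inspect_pe, rundll32_host and file_hashes are chosen here; the offsets and constants are from the PE/COFF specification.

```python
import hashlib
import struct

# PE constants (from the PE/COFF specification)
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
PE32_MAGIC = 0x10B      # 32-bit optional header
PE32PLUS_MAGIC = 0x20B  # 64-bit optional header


def build_sample_pe(machine=IMAGE_FILE_MACHINE_I386, image_base=0x10000000,
                    size_of_image=0xA000, section_names=("UPX0", "UPX1", ".rsrc")):
    """Constructed stand-in for the sample (NOT the real DLL): a header-only PE whose
    fields mirror what the report shows for a 32-bit, UPX-packed DLL."""
    is_pe32 = machine == IMAGE_FILE_MACHINE_I386
    opt_size = 224 if is_pe32 else 240            # standard optional header sizes
    dos = bytearray(64)                            # IMAGE_DOS_HEADER
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew: PE signature follows the DOS header
    coff = struct.pack("<HHIIIHH", machine, len(section_names), 0, 0, 0, opt_size,
                       IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL)
    opt = bytearray(opt_size)
    if is_pe32:
        struct.pack_into("<H", opt, 0, PE32_MAGIC)
        struct.pack_into("<I", opt, 28, image_base)  # PE32: 32-bit ImageBase at +28
    else:
        struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
        struct.pack_into("<Q", opt, 24, image_base)  # PE32+: 64-bit ImageBase at +24
    struct.pack_into("<I", opt, 56, size_of_image)   # SizeOfImage at +56 in both forms
    sections = b"".join(
        struct.pack("<8sIIII", name.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1), 0, 0)
        + bytes(16)                                  # remaining IMAGE_SECTION_HEADER fields
        for i, name in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


def inspect_pe(data):
    """Pull out the header fields that explain the sandbox observations."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24                          # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == PE32_MAGIC:
        image_base = struct.unpack_from("<I", data, opt_off + 28)[0]
    elif magic == PE32PLUS_MAGIC:
        image_base = struct.unpack_from("<Q", data, opt_off + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    size_of_image = struct.unpack_from("<I", data, opt_off + 56)[0]
    sec_off = opt_off + opt_size
    names = []
    for i in range(nsec):
        raw = struct.unpack_from("<8s", data, sec_off + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": machine,
        "is_32bit": magic == PE32_MAGIC,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "image_base": image_base,
        "size_of_image": size_of_image,
        "sections": names,
        # UPX keeps its stub in sections named UPX0/UPX1; a renamed packer would need a byte signature
        "upx_packed": any(n.startswith("UPX") for n in names),
        # same shape as the memory dump names in the report (ImageBase to ImageBase+SizeOfImage)
        "memory_range": "0x%016X-0x%016X" % (image_base, image_base + size_of_image),
    }


def rundll32_host(info, windows_dir=r"C:\Windows"):
    """Which rundll32.exe ends up hosting the DLL on 64-bit Windows: a 32-bit DLL can only
    be loaded by the WOW64 copy, so the system32 one re-launches the command there."""
    subdir = "SysWOW64" if info["is_32bit"] else "system32"
    return "\\".join([windows_dir, subdir, "rundll32.exe"])


def file_hashes(data):
    """Digests to compare against the General section of a report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


if __name__ == "__main__":
    sample = build_sample_pe()
    info = inspect_pe(sample)
    print("machine 0x%04x  32-bit=%s  dll=%s" % (info["machine"], info["is_32bit"], info["is_dll"]))
    print("sections", info["sections"], "UPX packed:", info["upx_packed"])
    print("expected memory dump range:", info["memory_range"])
    print("expected rundll32 host:", rundll32_host(info))
    print(file_hashes(sample))
```

Run against a real file, inspect_pe(open(path, "rb").read()) gives the same dictionary; for this sample you would expect machine 0x014C, UPX section names and a memory_range of 0x0000000010000000-0x000000001000A000, matching the dump names in the Signatures section, while file_hashes should reproduce the MD5/SHA1/SHA256 listed under General.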