Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
143s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
30/12/2023, 07:54
General
-
Target
12b9e1d71739eb99bb02be37887f5cce.dll
-
Size
209KB
-
MD5
12b9e1d71739eb99bb02be37887f5cce
-
SHA1
d0467809d8053270750003d0d9ab1ac44427b26a
-
SHA256
94c32474249acb4a1e123c9a7f8890eecf5e54bca785fa9482bc99e6def20d0a
-
SHA512
bad415f00c58e8264cfba1417ff1914ef99d1c67281ddf174cdd1405a8ccaacfef5a62fb68a7b6a0017ab778b3cf809e2f695949b8c8a7456558ac6d6194957a
-
SSDEEP
6144:s3TfWTH0hrZsCX/qB8wEOvn5uTwIPAShhPtkEQH2j3EYCrUE:lTgZsCv48Evc0IPAkkwTjCrp
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\12b9e1d71739eb99bb02be37887f5cce.dll,#11⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 5482⤵
- Program crash
-
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\12b9e1d71739eb99bb02be37887f5cce.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4884 -ip 48841⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
340KB
-
Filesize
80KB