Analysis
max time kernel: 144s
max time network: 178s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 12:48
Behavioral task: behavioral1
Sample: 1900593c14803ca43c128d74b9aedda4.dll
Resource: win7-20231215-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: 1900593c14803ca43c128d74b9aedda4.dll
Resource: win10v2004-20231215-en
3 signatures
150 seconds
General
Target: 1900593c14803ca43c128d74b9aedda4.dll
Size: 95KB
MD5: 1900593c14803ca43c128d74b9aedda4
SHA1: 7e9e0489c6a0528fa2830fcd01028f9895c13e3e
SHA256: 33b6bda3402228c525e725ab084092107b39e9246c49239835a19758ded1d3ae
SHA512: 77cc4de647410f1f6364019e1dd3c459c0af6eb04d6f80bb5775db7ff797018b1b1821c1adbb2a80951ae027149b05568c3468081727d67bfb077c9599c08ebf
SSDEEP: 1536:IPFJHJTXUP6GXMod1OS/bcbHFfB18wnCrsKekM6mOx:gFPQ6GX91F/bUH9B18jrsKekM6mOx
Score: 8/10
Malware Config
Signatures

Drops file in Drivers directory (1 IoC)
  description                    ioc                                    Process
  File opened for modification   C:\Windows\SysWOW64\Drivers\beep.sys   rundll32.exe

Program crash (1 IoC)
  pid    pid_target   Process        procid_target
  2368   4772         WerFault.exe   89

Suspicious use of WriteProcessMemory (3 IoCs)
  description                            pid    Process        procid_target
  PID 4012 wrote to memory of 4772       4012   rundll32.exe   89
  PID 4012 wrote to memory of 4772       4012   rundll32.exe   89
  PID 4012 wrote to memory of 4772       4012   rundll32.exe   89
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900593c14803ca43c128d74b9aedda4.dll,#1
  Suspicious use of WriteProcessMemory
  PID:4012

  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900593c14803ca43c128d74b9aedda4.dll,#1
    Drops file in Drivers directory
    PID:4772

    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 716
      Program crash
      PID:2368

C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4772 -ip 4772
  PID:1856