Analysis
- max time kernel: 141s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 09/01/2024, 04:17
Behavioral task behavioral1
Sample: UsbEAm Hosts Editor-v3.63/UsbEAm Hosts Editor v3.63.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: UsbEAm Hosts Editor-v3.63/UsbEAm Hosts Editor v3.63.exe
Resource: win10v2004-20231215-en
Behavioral task behavioral3
Sample: UsbEAm Hosts Editor-v3.63/gzip.dll
Resource: win7-20231215-en
Behavioral task behavioral4
Sample: UsbEAm Hosts Editor-v3.63/gzip.dll
Resource: win10v2004-20231222-en
Behavioral task behavioral5
Sample: UsbEAm Hosts Editor-v3.63/libcurl.dll
Resource: win7-20231215-en
Behavioral task behavioral6
Sample: UsbEAm Hosts Editor-v3.63/libcurl.dll
Resource: win10v2004-20231222-en
General
- Target: UsbEAm Hosts Editor-v3.63/libcurl.dll
- Size: 3.9MB
- MD5: 63b09a70418a7dd51353f738995e6c8b
- SHA1: 1caf0029b8c3c24cac4722b06f5d586581288839
- SHA256: fa477933a613b03652ea2a787527486d0e9225bf1d208ae77d065e35405b4ff6
- SHA512: d972fe3ab1a830a6d26a2770d75c7879c1d26da0edac4344efb4de8c5464445a8b265be00ab0e4e5891a9d12b536841e4d857c723e78f8bb1f96ff2263df7e5b
- SSDEEP: 98304:WIjPO63r8wOOViZOeHqf3nmERCw7qQgr1gyXewHrHIxxKsZpA3Iy0RAdzop9o+w:/18wOOViZOeHqf3ndCw7qQgr1gyXewHv
Malware Config
Signatures
- Program crash 1 IoCs
  pid    pid_target    Process         procid_target
  2668   3048          WerFault.exe    28
- Suspicious use of WriteProcessMemory 11 IoCs
  description                             pid    Process         procid_target
  PID 2300 wrote to memory of 3048        2300   rundll32.exe    28
  PID 2300 wrote to memory of 3048        2300   rundll32.exe    28
  PID 2300 wrote to memory of 3048        2300   rundll32.exe    28
  PID 2300 wrote to memory of 3048        2300   rundll32.exe    28
  PID 2300 wrote to memory of 3048        2300   rundll32.exe    28
  PID 2300 wrote to memory of 3048        2300   rundll32.exe    28
  PID 2300 wrote to memory of 3048        2300   rundll32.exe    28
  PID 3048 wrote to memory of 2668        3048   rundll32.exe    29
  PID 3048 wrote to memory of 2668        3048   rundll32.exe    29
  PID 3048 wrote to memory of 2668        3048   rundll32.exe    29
  PID 3048 wrote to memory of 2668        3048   rundll32.exe    29
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\UsbEAm Hosts Editor-v3.63\libcurl.dll",#1
  - Suspicious use of WriteProcessMemory
  PID:2300
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\UsbEAm Hosts Editor-v3.63\libcurl.dll",#1
    - Suspicious use of WriteProcessMemory
    PID:3048
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 232
      - Program crash
      PID:2668