Analysis
- max time kernel: 133s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/01/2024, 04:31
Static task
- static1
Behavioral task
- behavioral1
  Sample: 7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76.dll
  Resource: win7-20231215-en
Behavioral task
- behavioral2
  Sample: 7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76.dll
  Resource: win10v2004-20231215-en
General
- Target: 7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76.dll
- Size: 949KB
- MD5: 81cec95dd59c01bd5f1349d7fdaa8011
- SHA1: 1e416b0ec57c766c7ff11b457654e7f3e21abe30
- SHA256: 7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76
- SHA512: 739b65fad7a21ec0a304406af29228e9f8698c4d4d708ed61dbef7e8ae97faa7cc34d7674b5e8bfd5bc5fc8e1a021da6fe2a1240250294b3b1ac80e1fd92ad20
- SSDEEP: 24576:/UrlDUTEEp0nDkklslEzl7jCslbcwbZjQFnrEH7q:MrlDUTKDkkWqZfCslbbZjQF3
Malware Config
Signatures
- Program crash (1 IoCs)

  | pid | pid_target | Process | procid_target |
  | 4456 | 2864 | WerFault.exe | 86 |

- Suspicious use of WriteProcessMemory (3 IoCs)

  | description | pid | Process | procid_target |
  | PID 5104 wrote to memory of 2864 | 5104 | rundll32.exe | 86 |
  | PID 5104 wrote to memory of 2864 | 5104 | rundll32.exe | 86 |
  | PID 5104 wrote to memory of 2864 | 5104 | rundll32.exe | 86 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76.dll,#1
  PID: 5104
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7351c3b4ca497cd5dadef658ad6cafbe874af63e110557af0de1b26d68688e76.dll,#1
    PID: 2864
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 564
      PID: 4456
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 2864 -ip 2864
  PID: 3944