Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 27/01/2024, 12:55
Static task
static1
- 1 signatures

Behavioral task
behavioral1
- Sample: 7a4fcbe0d29e3d88295a183d5689f8f9.dll
- Resource: win7-20231215-en
- 2 signatures
- 150 seconds

Behavioral task
behavioral2
- Sample: 7a4fcbe0d29e3d88295a183d5689f8f9.dll
- Resource: win10v2004-20231222-en
- 2 signatures
- 150 seconds
General
- Target: 7a4fcbe0d29e3d88295a183d5689f8f9.dll
- Size: 17KB
- MD5: 7a4fcbe0d29e3d88295a183d5689f8f9
- SHA1: 3d806de4063165e37ad1b18cf6f7229e24f1d2e7
- SHA256: 4499873bcd220ab331f5985283f957dc1688cfc049ee3bb16e62cc6f29005cf0
- SHA512: 80d8b4a7b0de342b2b4e5aaa5164f36ccac4ac8bb0f3a587e360905c7d013e883f32946786b3f753f6b329a7bc341bb41ce46aaeb635b2d7bf094cba3234d9fb
- SSDEEP: 384:3L8JLx9T/abQJdy5Kn01cFZrtCFUOEvXlTmz:3LK9TSbqyS01c3rtCyf9T

Score
3/10
Malware Config
Signatures

- Program crash (1 IoCs)

  pid    pid_target   Process        procid_target
  2780   2840         WerFault.exe   28

- Suspicious use of WriteProcessMemory (11 IoCs)

  description                        pid    Process        procid_target
  PID 2896 wrote to memory of 2840   2896   rundll32.exe   28
  PID 2896 wrote to memory of 2840   2896   rundll32.exe   28
  PID 2896 wrote to memory of 2840   2896   rundll32.exe   28
  PID 2896 wrote to memory of 2840   2896   rundll32.exe   28
  PID 2896 wrote to memory of 2840   2896   rundll32.exe   28
  PID 2896 wrote to memory of 2840   2896   rundll32.exe   28
  PID 2896 wrote to memory of 2840   2896   rundll32.exe   28
  PID 2840 wrote to memory of 2780   2840   rundll32.exe   29
  PID 2840 wrote to memory of 2780   2840   rundll32.exe   29
  PID 2840 wrote to memory of 2780   2840   rundll32.exe   29
  PID 2840 wrote to memory of 2780   2840   rundll32.exe   29
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a4fcbe0d29e3d88295a183d5689f8f9.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2896

  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a4fcbe0d29e3d88295a183d5689f8f9.dll,#1
    - Suspicious use of WriteProcessMemory
    PID: 2840

    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 248
      - Program crash
      PID: 2780