Analysis
- max time kernel: 146s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240221-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/02/2024, 23:58
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  Sample: a0ae17cc5e8f231cd3cff1d8d00f51ea.dll
  Resource: win7-20240221-en
  1 signatures, 150 seconds
Behavioral task
- behavioral2
  Sample: a0ae17cc5e8f231cd3cff1d8d00f51ea.dll
  Resource: win10v2004-20240221-en
  2 signatures, 150 seconds
General
- Target: a0ae17cc5e8f231cd3cff1d8d00f51ea.dll
- Size: 152KB
- MD5: a0ae17cc5e8f231cd3cff1d8d00f51ea
- SHA1: 60e06320b8399aa66330940e33e9f04da817c6e7
- SHA256: 7bdc3a3081478121d53ac344afbeac1499eebee3e0b0d0d97169bb57511b36a3
- SHA512: ce2291d564870295cd2f775de20a0f354a21f69001e4cc4cbe1258d820b5fcc0cb421700f13fdbde5c5e6c88dcaf9c789c4a7e7b5614665a961d5c677abc1d98
- SSDEEP: 1536:hW9gdozVJ1wyJf2k+pVEIdJLkEJsWJYsNmERDS:hWhJ2LLThrhRe
Score
3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid | pid_target | Process | procid_target
  4260 | 1740 | WerFault.exe | 88
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3672 wrote to memory of 1740 | 3672 | rundll32.exe | 88
  PID 3672 wrote to memory of 1740 | 3672 | rundll32.exe | 88
  PID 3672 wrote to memory of 1740 | 3672 | rundll32.exe | 88
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0ae17cc5e8f231cd3cff1d8d00f51ea.dll,#1
  PID: 3672
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0ae17cc5e8f231cd3cff1d8d00f51ea.dll,#1
    PID: 1740
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 604
      PID: 4260
      Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1740 -ip 1740
  PID: 112