Analysis
- max time kernel: 143s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/03/2024, 16:39
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: bc4b4c670ca228c2bf721a6937508a32.dll
- Resource: win7-20231129-en
- 1 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: bc4b4c670ca228c2bf721a6937508a32.dll
- Resource: win10v2004-20240226-en
- 2 signatures
- 150 seconds
General
- Target: bc4b4c670ca228c2bf721a6937508a32.dll
- Size: 93KB
- MD5: bc4b4c670ca228c2bf721a6937508a32
- SHA1: 71b16d3ee894c813a7255be3b8706434b3cf17f6
- SHA256: 159535b210161897c7d7f2d0c7b9854d3691d12b161cff0a07a159f3ff19468d
- SHA512: 65024372c8059518a4912866fbeb5df5d799f79324d42aded5783c7195a7119c437affc2701ac725f95acb3c1389b8a00f91de138af58477db2fbe073a643fb6
- SSDEEP: 1536:pJhZDMijwmrl9qclu7tR6UMIth7hf9Gp7UxnrCezyGNVkPGzehYE4FplHppfFO:VZw4HZu7tbd7VGp7UeeG1Es8tJBFO
- Score: 3/10
Malware Config
Signatures
- Program crash (1 IoCs)
  pid   pid_target   Process        procid_target
  1928  2312         WerFault.exe   95
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    Process        procid_target
  PID 4580 wrote to memory of 2312   4580   rundll32.exe   95
  PID 4580 wrote to memory of 2312   4580   rundll32.exe   95
  PID 4580 wrote to memory of 2312   4580   rundll32.exe   95
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc4b4c670ca228c2bf721a6937508a32.dll,#1
  PID: 4580
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc4b4c670ca228c2bf721a6937508a32.dll,#1
    PID: 2312
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 580
      PID: 1928
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2312 -ip 2312
  PID: 2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4068 --field-trial-handle=2900,i,14549994492153927475,12895178890800740987,262144 --variations-seed-version /prefetch:8
  PID: 1164