Analysis
max time kernel: 117s
max time network: 132s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/03/2024, 10:03
Static task: static1
  1 signatures
Behavioral task: behavioral1
  Sample: be532c5a961a0aea0f52b23ca81689e8.dll
  Resource: win7-20240221-en
  3 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: be532c5a961a0aea0f52b23ca81689e8.dll
  Resource: win10v2004-20240226-en
  4 signatures
  150 seconds
General
Target: be532c5a961a0aea0f52b23ca81689e8.dll
Size: 7.6MB
MD5: be532c5a961a0aea0f52b23ca81689e8
SHA1: 07aff6df4fd7e74bd52b4b83623ea18247bd1964
SHA256: b3e58e5bb99a1ec1bd1f8f0277e683faf309e92891072f4cc03df3407078e857
SHA512: 32f83dc8e0dd1089e4d499119d22bda841a1474798c108e432e7f91d110a4b421a7f41bf566167293f999365ec9c9f26bc06ee3041e9d1a658c5f4bf8a82df52
SSDEEP: 196608:r8pdEEFJQ481YxOv5wANkZGFrxGOybiHmUBbSd/maDOOOs:opXFJQ4OZ+OrIOybiHmUBmd/mqOb
Score: 3/10
Malware Config
Signatures

Program crash (1 IoCs)
  pid   pid_target  Process       procid_target
  2164  2360        WerFault.exe  28

Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  2360  rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
  description                         pid   Process       procid_target
  PID 1736 wrote to memory of 2360    1736  rundll32.exe  28
  PID 1736 wrote to memory of 2360    1736  rundll32.exe  28
  PID 1736 wrote to memory of 2360    1736  rundll32.exe  28
  PID 1736 wrote to memory of 2360    1736  rundll32.exe  28
  PID 1736 wrote to memory of 2360    1736  rundll32.exe  28
  PID 1736 wrote to memory of 2360    1736  rundll32.exe  28
  PID 1736 wrote to memory of 2360    1736  rundll32.exe  28
  PID 2360 wrote to memory of 2164    2360  rundll32.exe  29
  PID 2360 wrote to memory of 2164    2360  rundll32.exe  29
  PID 2360 wrote to memory of 2164    2360  rundll32.exe  29
  PID 2360 wrote to memory of 2164    2360  rundll32.exe  29
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\be532c5a961a0aea0f52b23ca81689e8.dll,#1
  PID: 1736
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\be532c5a961a0aea0f52b23ca81689e8.dll,#1
    PID: 2360
    - Suspicious behavior: RenamesItself
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 308
      PID: 2164
      - Program crash