Analysis
- max time kernel: 149s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/03/2024, 10:03
Static task: static1
- 1 signature

Behavioral task: behavioral1
- Sample: be532c5a961a0aea0f52b23ca81689e8.dll
- Resource: win7-20240221-en
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: be532c5a961a0aea0f52b23ca81689e8.dll
- Resource: win10v2004-20240226-en
- 4 signatures
- 150 seconds
General
- Target: be532c5a961a0aea0f52b23ca81689e8.dll
- Size: 7.6MB
- MD5: be532c5a961a0aea0f52b23ca81689e8
- SHA1: 07aff6df4fd7e74bd52b4b83623ea18247bd1964
- SHA256: b3e58e5bb99a1ec1bd1f8f0277e683faf309e92891072f4cc03df3407078e857
- SHA512: 32f83dc8e0dd1089e4d499119d22bda841a1474798c108e432e7f91d110a4b421a7f41bf566167293f999365ec9c9f26bc06ee3041e9d1a658c5f4bf8a82df52
- SSDEEP: 196608:r8pdEEFJQ481YxOv5wANkZGFrxGOybiHmUBbSd/maDOOOs:opXFJQ4OZ+OrIOybiHmUBmd/mqOb
- Score: 8/10
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
    flow  pid   Process
    15    2356  rundll32.exe
- Program crash (1 IoC)
    pid   pid_target  Process       procid_target
    4436  2356        WerFault.exe  88
- Suspicious behavior: RenamesItself (1 IoC)
    pid   Process
    2356  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
    description                       pid   Process       procid_target
    PID 3212 wrote to memory of 2356  3212  rundll32.exe  88
    PID 3212 wrote to memory of 2356  3212  rundll32.exe  88
    PID 3212 wrote to memory of 2356  3212  rundll32.exe  88
Processes
- C:\Windows\system32\rundll32.exe (PID 3212)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\be532c5a961a0aea0f52b23ca81689e8.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 2356)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\be532c5a961a0aea0f52b23ca81689e8.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: RenamesItself
    - C:\Windows\SysWOW64\WerFault.exe (PID 4436)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 760
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 4568)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2356 -ip 2356