Analysis

  • max time kernel
    576s
  • max time network
    552s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20240226-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    14/03/2024, 05:32

General

  • Target

    ptMgr.dll

  • Size

    2.5MB

  • MD5

    2087eb2d3fb639933ebe0a0614fd5218

  • SHA1

    c1a1b75c8e76e000b7045092bd11100904a72840

  • SHA256

    725f50650cb9490027b633a1ff0ae166cb6fc42037dbe72d9a09dd65be323a1f

  • SHA512

    3390536ed543529d01ed7d1616d36d6fde67d68bf6641f901ac5c081ede043943dacd3a7a0bf1729945be800d4ccda00c07511e1c23c7c33d9864be50645502e

  • SSDEEP

    49152:LvSyYrklCgEFFKYy3Hlll43MkyoYh0iXGu2B1BIthEjlI0UZhQZZmRvCH:GEkglDlH1VZ0uGu2lIQ

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ptMgr.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:3508
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ptMgr.dll,#1
      PID:4112
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 732
        • Program crash
        PID:3272
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 812
        • Program crash
        PID:4608
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4112 -ip 4112
    PID:3200
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4112 -ip 4112
    PID:4024
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    PID:3648
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k UnistackSvcGroup
    • Suspicious use of AdjustPrivilegeToken
    PID:4228

Network

MITRE ATT&CK Matrix

Downloads

  • memory/4228-0-0x000001E229B40000-0x000001E229B50000-memory.dmp
    Filesize: 64KB
  • memory/4228-16-0x000001E229C40000-0x000001E229C50000-memory.dmp
    Filesize: 64KB
  • memory/4228-32-0x000001E231F50000-0x000001E231F51000-memory.dmp
    Filesize: 4KB
  • memory/4228-34-0x000001E231F60000-0x000001E231F61000-memory.dmp
    Filesize: 4KB
  • memory/4228-35-0x000001E231F60000-0x000001E231F61000-memory.dmp
    Filesize: 4KB
  • memory/4228-36-0x000001E231F70000-0x000001E231F71000-memory.dmp
    Filesize: 4KB