Analysis
  max time kernel:  121s
  max time network: 122s
  platform:         windows7_x64
  resource:         win7-20240221-en
  resource tags:    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted:        17/04/2024, 09:21
Behavioral task behavioral1
  Sample:   e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll
  Resource: win7-20240221-en
Behavioral task behavioral2
  Sample:   e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll
  Resource: win10v2004-20240226-en
General
  Target: e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll
  Size:   576KB
  MD5:    2216e2d977fccf09d938542a14c92345
  SHA1:   b4d4f7847afaaf23b58844fd7db3d759edda6b6f
  SHA256: e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53
  SHA512: b9d5f4549b89ba8ee7fbe5bf5f11c6d484d7fa7b483b7f10f86cd6c2bfa8c7b33538ca428597328706552c400f3913131bb4a277dbd66f00403680c9e11e8221
  SSDEEP: 12288:zldQzDwEGwWEcQQVqLVPf49HOTlctYWbdpZ:zldQzcwWEcQVPw9OTl4YWbx
Malware Config
Signatures
  Blocklisted process makes network request (1 IoC)
    flow  pid   Process
    3     2584  rundll32.exe
  Program crash (1 IoC)
    pid   pid_target  Process       procid_target
    1216  2584        WerFault.exe  28
  Suspicious use of WriteProcessMemory (11 IoCs)
    description                       pid   Process       procid_target  events
    PID 2252 wrote to memory of 2584  2252  rundll32.exe  28             7
    PID 2584 wrote to memory of 1216  2584  rundll32.exe  29             4
Processes
  C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll,#1
    PID: 2252
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll,#1
      PID: 2584
      - Blocklisted process makes network request
      - Suspicious use of WriteProcessMemory
      C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 224
        PID: 1216
        - Program crash
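The process tree above is the pattern a detection engineer would want to match on process-creation telemetry: rundll32 invoking an export by ordinal (`,#1`) from a DLL dropped in a user-writable Temp directory, the x64 rundll32 re-launching its SysWOW64 counterpart for a 32-bit DLL (consistent with the `arch:x86` tag), and WerFault being spawned with `-p <pid>` when the export crashes. The following is an added example, not tria.ge output or code from this report: it runs that logic over constructed Sysmon-style ProcessCreate events whose PIDs and command lines mirror the report. The parent PID of 2252, the field names, the benign shell32 event, and the list of user-writable path fragments are assumptions for the example.

```python
"""Detect the rundll32 ordinal-export chain seen in this tria.ge report.

Added example: constructed process-creation events (Sysmon Event ID 1 style)
plus detection logic. Nothing here is tria.ge's own code or output.
"""
import re
from collections import defaultdict

DLL = r"C:\Users\Admin\AppData\Local\Temp\e8bedbffbdcec13cddc14f9e3cee7e7ca4ee6e8b4b5cbe13376a9c8687426c53.dll"

# Constructed events mirroring the report's process tree. The parent PID of
# 2252 (1000) is assumed; the last event is an assumed benign rundll32 call.
EVENTS = [
    {"pid": 2252, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL},#1"},
    {"pid": 2584, "ppid": 2252, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL},#1"},
    {"pid": 1216, "ppid": 2584, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 224"},
    {"pid": 3100, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,#61"},
]

# rundll32 <dll>,#<ordinal>  (export called by ordinal rather than by name)
RUNDLL_ORDINAL = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*#(?P<ordinal>\d+)', re.I)
# Assumed list of locations a dropper typically writes to; extend as needed.
USER_WRITABLE = re.compile(r"\\(?:AppData\\Local\\Temp|Users\\Public|ProgramData)\\", re.I)
# WerFault -p <pid> names the process that crashed.
WERFAULT_PID = re.compile(r"\bWerFault\.exe\b.*?-p\s+(?P<pid>\d+)", re.I)


def rundll32_ordinal_load(cmdline):
    """Return (dll_path, ordinal) when rundll32 calls an export by ordinal
    from a DLL in a user-writable location, else None."""
    m = RUNDLL_ORDINAL.search(cmdline)
    if not m or not USER_WRITABLE.search(m.group("dll")):
        return None
    return m.group("dll"), int(m.group("ordinal"))


def crashed_pid(cmdline):
    """Return the PID a WerFault command line reports on, else None."""
    m = WERFAULT_PID.search(cmdline)
    return int(m.group("pid")) if m else None


def detect(events):
    """Flag every rundll32 ordinal load from a user-writable path and note
    whether it re-spawned a SysWOW64 rundll32 with the same DLL (32-bit DLL
    on an x64 host) and whether WerFault was spawned for that process."""
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    findings = []
    for e in events:
        hit = rundll32_ordinal_load(e["cmdline"])
        if hit is None:
            continue
        dll, ordinal = hit
        finding = {"pid": e["pid"], "dll": dll, "ordinal": ordinal,
                   "wow64_respawn": False, "crashed": False}
        for child in children[e["pid"]]:
            if (child["image"].lower().endswith(r"\syswow64\rundll32.exe")
                    and rundll32_ordinal_load(child["cmdline"]) == hit):
                finding["wow64_respawn"] = True
            if crashed_pid(child["cmdline"]) == e["pid"]:
                finding["crashed"] = True
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f)
```

Two findings come out: PID 2252 (respawned a WoW64 rundll32, did not crash itself) and PID 2584 (crashed, hence WerFault 1216). The benign `shell32.dll,#61` call is not flagged because the DLL lives under System32. The SysWOW64 respawn is the x64 rundll32 handing a 32-bit DLL to its 32-bit counterpart, so the network request and the crash attributed to PID 2584 are the DLL's own behaviour, not a second stage; a crash this early often means the export expected arguments or an environment the sandbox did not provide, so a short trace like this one should be read as inconclusive rather than benign.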