Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

5828d4217d...8d.exe

windows7-x64

7

5828d4217d...8d.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

Unbegrudge...hr.app

macos-10.15-amd64

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    23/05/2024, 14:55 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/UserInfo.dll

  • Size

    4KB

  • MD5

    035bdb470a6807313bd005bd98341ffc

  • SHA1

    5017d1e5a23f1c64594f737e6fccd519729c3b3e

  • SHA256

    26fa900e3426b4dd272707e1aaf428b5ee06bdc2cc2bbaecdab6b54f11f38f27

  • SHA512

    f888baed5267b05b13722e839634254393aa99b2adf1a2ae6e799d3a901665e7ebda0fa1202db20a6765a8aff58e2ed6f4e822028be426db732eb10ec783aa05

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UserInfo.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2116
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UserInfo.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1516
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 220
        3⤵
        • Program crash
        PID:1624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.