Analysis
- max time kernel: 135s
- max time network: 108s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/05/2024, 12:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
api-ms-win-core-errorhandling-l1-1-0.dll
Resource
win7-20240221-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
api-ms-win-core-errorhandling-l1-1-0.dll
Resource
win10v2004-20240426-en
1 signatures
150 seconds
General
- Target: api-ms-win-core-errorhandling-l1-1-0.dll
- Size: 3KB
- MD5: b85f1b633930e3cf4e9f4da037f41b4c
- SHA1: a1008a0a80b6350c7f0560027910beb1d7c7c529
- SHA256: 3875c7c076de4e473b6e30290dd8c72c99826a37c9212bb3fc402cf3d8c87d9c
- SHA512: 83cce51c1fb2ce6c60649c8598c5a5da154ccf95e1e7da0636f84760d2691585014b55d686ec94799a073c8790f087443b31fd5d30a12942be4ba20796db0516
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                        pid    Process        procid_target
  PID 2780 wrote to memory of 1928   2780   rundll32.exe   83
  PID 2780 wrote to memory of 1928   2780   rundll32.exe   83
  PID 2780 wrote to memory of 1928   2780   rundll32.exe   83
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-errorhandling-l1-1-0.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2780
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-errorhandling-l1-1-0.dll,#1
    PID: 1928