Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

3

SickoMenu.dll

windows11-21h2-x64

5

version.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    0s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    27/06/2024, 16:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    version.dll

  • Size

    2.4MB

  • MD5

    b18d5b03e078408ed519857e66106ceb

  • SHA1

    39c21b7ed96c46dd0c0679fe01444bf6e34361cd

  • SHA256

    bf25cdc46afca457f75bd213e3b0c68c634acff46484300e66e3302da2e2595f

  • SHA512

    b03c8d8c5f87f159b2f53d0b7a9388314e34ac8637d5c68d6e1ac8d280d5bdd3b1e4af974bb4817cab6ccdb4ea04234570e1abf3730cb4b35b68e71f3d8fb852

  • SSDEEP

    49152:YgoTxkeJnGb86hZBztXtFTKFkfz/zygYRHxTzJUAtnrC73pOPGiC02zjTDzjTIds:YgFeJ6PL/WgyxG730P

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4372
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\version.dll,#1
      2⤵
        PID:3612
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 524
          3⤵
          • Program crash
          PID:240
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3612 -ip 3612
      1⤵
        PID:740

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads