Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

v2_builds_...er.exe

windows10-2004-x64

8

v2_builds_...er.exe

windows11-21h2-x64

8

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

8

$PLUGINSDI...up.exe

windows11-21h2-x64

8

QuiverPhotos.exe

windows10-2004-x64

8

QuiverPhotos.exe

windows11-21h2-x64

8

Resubmissions

09/07/2024, 21:40

240709-1jl9bayglb 8

09/07/2024, 21:37

240709-1gr2saxclm 8

Analysis

  • max time kernel
    90s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09/07/2024, 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    28KB

  • MD5

    81e34f1c4b04a15dbce200c52f598f67

  • SHA1

    f40a922ad7a5494e2aeeaa2b961d96738e888af7

  • SHA256

    b89448b9fd7be5ef215cac6d973a57c0e75e1fffa25552afe174855c9b71fdf9

  • SHA512

    577f52a292075269f0e8ec4c6d243b2ed411872e009839553020929a8263174ad97943f150543e4ea6cb327d95e227f4065441a9d2106b7cabf1cb872dbcc181

  • SSDEEP

    384:xmEs6sVqQq0DwRiGUaLYuAXLaMoy4m973uwYkvZ6YfkzB8yy1Eiu8ILvFd/9:xmEwqZ2wRiGUcY8TBsdvEbB8yyvIJ

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      2⤵
        PID:2512
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 460
          3⤵
          • Program crash
          PID:668
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2512 -ip 2512
      1⤵
        PID:4996

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2512-0-0x0000000074CA0000-0x0000000074CAF000-memory.dmp

        Filesize

        60KB

        Download