Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

WeChatSetup.exe

windows7-x64

4

WeChatSetup.exe

windows10-2004-x64

4

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

1

$PLUGINSDI...ll.dll

windows10-2004-x64

1

$PLUGINSDI...st.dll

windows7-x64

3

$PLUGINSDI...st.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

4

Uninstall.exe

windows10-2004-x64

4

WeChat.exe

windows7-x64

9

WeChat.exe

windows10-2004-x64

9

WechatAppLauncher.exe

windows7-x64

1

WechatAppLauncher.exe

windows10-2004-x64

1

[3.9.11.19...dk.dll

windows7-x64

1

[3.9.11.19...dk.dll

windows10-2004-x64

1

[3.9.11.19...ll.exe

windows7-x64

4

[3.9.11.19...ll.exe

windows10-2004-x64

4

[3.9.11.19...ne.dll

windows7-x64

1

[3.9.11.19...ne.dll

windows10-2004-x64

1

[3.9.11.19...at.exe

windows7-x64

9

[3.9.11.19...at.exe

windows10-2004-x64

9

[3.9.11.19...xt.exe

windows7-x64

1

[3.9.11.19...xt.exe

windows10-2004-x64

3

[3.9.11.19...ce.dll

windows7-x64

1

[3.9.11.19...ce.dll

windows10-2004-x64

1

[3.9.11.19...pt.exe

windows7-x64

3

[3.9.11.19...pt.exe

windows10-2004-x64

3

[3.9.11.19...te.exe

windows7-x64

3

[3.9.11.19...te.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    24s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    10/07/2024, 05:35 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/FindProcDLL.dll

  • Size

    492KB

  • MD5

    633625aa3be670a515fa87ff3a566d90

  • SHA1

    de035c083125aef5df0a55c153ef6cc4dd4c15b4

  • SHA256

    bda8e0ddb672ea3558ad68634c49da06cd72f93d7fca642ca41df00e26512df1

  • SHA512

    3c687ddf0e4e93a6787a23a93e2011df42898f6d21101c848a1b7c7bd2eddd5d49fdd0748e47e6235e7808596d00a1ecf79b5c975d050dd8d00a95f515a444a9

  • SSDEEP

    12288:LAeafIS4J8anXexYWGRhvgbTu4RJ6//sCMUx:04J9/WGRS33+

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\FindProcDLL.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\FindProcDLL.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2344
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 224
        3⤵
        • Program crash
        PID:1988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2344-0-0x0000000010000000-0x00000000100AB000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2344-1-0x0000000010000000-0x00000000100AB000-memory.dmp

    Filesize

    684KB

    Download

  • memory/2344-2-0x0000000010000000-0x00000000100AB000-memory.dmp

    Filesize

    684KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.