Analysis
max time kernel: 139s
max time network: 124s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/07/2024, 19:18
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 0893a1edf6215a43fde5a90d5a028cf0N.dll
Resource: win10v2004-20240709-en
2 signatures
150 seconds

General
Target: 0893a1edf6215a43fde5a90d5a028cf0N.dll
Size: 177KB
MD5: 0893a1edf6215a43fde5a90d5a028cf0
SHA1: 46ab2076bd6394bace7c33a93c3f4a402df2e7e8
SHA256: 228fdcecdf9021628fd02f48f1c5ff9cccff2cfc89ef3662b714d442b3df75f7
SHA512: 5a7c9485b8a27b0516ed94fb491f9895ef4be4b2b2af0467764101047d0f1425729bfa39b303a7f22912fab431312965d524f8bb13252a748e1da4139d1cc5c0
SSDEEP: 3072:O6c6qAB5CFdzxNhg2JowONfYRbSwUaq55oYCmoD3ihpID1IQXBJkCcCu45PD:+UedNNhg2d2bqihpIJkx45
Score: 3/10
Malware Config
Signatures
Program crash: 1 IoCs
  pid   pid_target  Process       procid_target
  3152  3208        WerFault.exe  84

Suspicious use of WriteProcessMemory: 3 IoCs
  description                       pid   Process       procid_target
  PID 3616 wrote to memory of 3208  3616  rundll32.exe  84
  PID 3616 wrote to memory of 3208  3616  rundll32.exe  84
  PID 3616 wrote to memory of 3208  3616  rundll32.exe  84

Processes
PID 3616 (depth 1): C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0893a1edf6215a43fde5a90d5a028cf0N.dll,#1
  Signature: Suspicious use of WriteProcessMemory

  PID 3208 (depth 2): C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0893a1edf6215a43fde5a90d5a028cf0N.dll,#1

    PID 3152 (depth 3): C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 620
      Signature: Program crash

PID 3604 (depth 1): C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3208 -ip 3208