Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

HYPER VISOR.dll

windows7-x64

1

HYPER VISOR.dll

windows10-1703-x64

1

HYPER VISOR.dll

windows10-2004-x64

1

HYPER VISOR.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HYPER VISOR.dll

  • Size

    7.1MB

  • MD5

    40be4d846a32602f8fe21cf12849509a

  • SHA1

    00671ccf19ec49c3f80b14bb14097ef4f7e4eb01

  • SHA256

    210dc8fdd82f613b02ed690ba3a63006892f3b67355cd99ceb1176edc950f534

  • SHA512

    da20a1ec64606fa7e512114a983697fb11007c820e6bc09a65a11bdcf8ca7e331bf272718126a00488b6da9f5828c9ed4f1eba91e36790e1c340eb56957def1d

  • SSDEEP

    49152:IF7pnl5YIC6t7DTe5RoGO9ddtCH/8F3XgABM+vP2VKIvCTCtL3sRtjUMfVrQtMCs:vO591RvMNySJe0TOGJp1UQl9+

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\HYPER VISOR.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1640 -s 88
      2⤵
        PID:2352

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads