Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

3

Richard/Log.dll

windows10-2004-x64

3

Richard/Mi...90.dll

windows10-2004-x64

3

Richard/Mi...90.dll

windows10-2004-x64

3

Richard/Mi...90.dll

windows10-2004-x64

3

Richard/Mi...90.dll

windows10-2004-x64

3

Richard/Ne...on.dll

windows10-2004-x64

1

Richard/Ri...er.exe

windows10-2004-x64

3

Richard/Richard.exe

windows10-2004-x64

3

Richard/VM...32.dll

windows10-2004-x64

3

Richard/boost.dll

windows10-2004-x64

3

Richard/co...ipt.js

windows10-2004-x64

3

Richard/fmodex.dll

windows10-2004-x64

3

Richard/tbb.dll

windows10-2004-x64

3

Richard/tbb_debug.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/08/2024, 23:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Richard/boost.dll

  • Size

    169KB

  • MD5

    a4d67525725e1bbaa3ba16b949ce2702

  • SHA1

    9a2f94fefe044dcbb886b8b52d44f10f7dd2b204

  • SHA256

    0eea519421b90d13f4ff5db9840f25a66ad572d904b8cc327dae482bb9a6723f

  • SHA512

    fa4d4cb4427866de74cbcf388e87de4e1225195a12444693af9ec45481a6d08e7d7e8c6fb88cb39b771d0a6a3fae27f79e1d113a6ac3591504c3cbcd92019da8

  • SSDEEP

    3072:waSnXoeWYY/WXhGbJX+QmYYYWYYYYYYbf1n31AdQY9nRUQt4uIqugji:wIejXhUX+791GiEkKj

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Richard\boost.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4032
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Richard\boost.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4656
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 608
        3⤵
        • Program crash
        PID:5028
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4656 -ip 4656
    1⤵
      PID:1924

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads