Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2024, 19:20

General

  • Target

    244509ec1a0adbeac56f2ab4307ba58c75a733e5b547e0891ae33340c82343c6.dll

  • Size

    415KB

  • MD5

    908f785ec66b48808d1cd9fc775efe3f

  • SHA1

    0ac205d041be1fbbf03829c5d3abfeb9d2503098

  • SHA256

    244509ec1a0adbeac56f2ab4307ba58c75a733e5b547e0891ae33340c82343c6

  • SHA512

    26722524bc51fcecbdbea21aa01dca7f7cd22a06fd4cdfcefbedba284e58b62425c4743a4d4d4b295ff0b6f68e852445f8ffc8ee672fc00a15c3726c30ff744c

  • SSDEEP

    6144:NFqNk/Y2WIDoHuE+uslD7pPuumIgz9st3NWSvrtxD9C4ckCDUDEris60LEdqUhK9:Hqj26uRlRP1B3N/rn/ckk60LEdqUE9

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\244509ec1a0adbeac56f2ab4307ba58c75a733e5b547e0891ae33340c82343c6.dll,#1
    PID:2540
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2540 -s 80
      PID:640

    Network

    MITRE ATT&CK Matrix
