Analysis
  max time kernel:  135s
  max time network: 136s
  platform:         windows10-2004_x64
  resource:         win10v2004-20241007-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        30/10/2024, 15:06
Static task: static1
  1 signatures

Behavioral task: behavioral1
  Sample:    wme.dll
  Resource:  win7-20240903-en
  6 signatures
  150 seconds

Behavioral task: behavioral2
  Sample:    wme.dll
  Resource:  win10v2004-20241007-en
  5 signatures
  150 seconds
General
  Target:  wme.dll
  Size:    1.4MB
  MD5:     6696bb4cafb96b82037ba3038b206d81
  SHA1:    6d46de3e9119c49ab86e303f87f9b30a0f164063
  SHA256:  1921c1e04ba16e71ff38e58efe210a7d9f433cf122eb5f8054dbbea2a381e54d
  SHA512:  49bcc12bd899c7d7130684233e0ac5ce74a65dd6ca14104e1812293c0619bf76251dff64dd51b627226fdcc76584cf72273398c276a76141934aeb7c173e2a83
  SSDEEP:  24576:SjPmkfHk7ONT01cDYLSTRrstVey92QOn9Kw1:SjPmkfHk7O5DYLSFrEVeyjOE4

Score: 10/10
Malware Config
Signatures

- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.

- Bruteratel family

- Detect BruteRatel badger (1 IoC)
  resource     yara_rule
  behavioral2  memory/4404-1-0x000001544A560000-0x000001544A59E000-memory.dmp  family_bruteratel

- Blocklisted process makes network request (12 IoCs)
  flow  pid   Process
  24    4404  rundll32.exe
  26    4404  rundll32.exe
  28    4404  rundll32.exe
  33    4404  rundll32.exe
  35    4404  rundll32.exe
  37    4404  rundll32.exe
  39    4404  rundll32.exe
  41    4404  rundll32.exe
  65    4404  rundll32.exe
  74    4404  rundll32.exe
  76    4404  rundll32.exe
  93    4404  rundll32.exe

- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  4404  rundll32.exe
  4404  rundll32.exe
  4404  rundll32.exe
  4404  rundll32.exe
  4404  rundll32.exe
  4404  rundll32.exe
  4404  rundll32.exe
  4404  rundll32.exe