Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/02/2025, 13:53 UTC

General

  • Target

    89b1c84d1d1ce3f28bc4ec96e8a835fe4b9e661612fd89e9d141d478f827fb1cN.dll

  • Size

    76KB

  • MD5

    afad5d62c253801e595ff55d82033790

  • SHA1

    610f25303bf77ec6eca3fd864839330849751b8a

  • SHA256

    89b1c84d1d1ce3f28bc4ec96e8a835fe4b9e661612fd89e9d141d478f827fb1c

  • SHA512

    e8f2221fe89cc45b027769b916bf82e554c30fe6012801f6e0624f0fb1d796dff317ab7d6dbc065403bdee17153ad63fd0cd5178981c107c6867178a4a2b4938

  • SSDEEP

    1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZcJKA:c8y93KQjy7G55riF1cMo03iJKA

Malware Config

Signatures

  • Event Triggered Execution: AppInit DLLs 1 TTPs

    Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\89b1c84d1d1ce3f28bc4ec96e8a835fe4b9e661612fd89e9d141d478f827fb1cN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\89b1c84d1d1ce3f28bc4ec96e8a835fe4b9e661612fd89e9d141d478f827fb1cN.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3016
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 336
        3⤵
        • Program crash
        PID:2544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3016-1-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

  • memory/3016-3-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

  • memory/3016-2-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

  • memory/3016-0-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

  • memory/3016-4-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB

  • memory/3016-6-0x0000000010000000-0x0000000010030000-memory.dmp

    Filesize

    192KB
