Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    06/02/2025, 22:33

General

  • Target

    SecuriteInfo.com.Win64.Evo-gen.16007.19374.dll

  • Size

    2.2MB

  • MD5

    a8b2af15cfc2fb0259459412e55334e2

  • SHA1

    38ce03bbe014489f40aaaa863f88fe4f8d299030

  • SHA256

    c0c17a2d3ad170ba6b60096b7966d954bdab9fd8c333d7727e74e2b2f927fcc8

  • SHA512

    539c0b2b7a076714a8cfa75a0b63bd0b917711b7bc5cff7e87684cc0bd0c8ec5e995c6f0c6b159b86ce1166e1254411cb9e635170447bd214c96f7e902e3ea64

  • SSDEEP

    49152:/ZzQqIEjvDQPOnR5mSBn/VSlsBzXHWtSyZS:/YcxyZ

Score
10/10

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://apworsindos.com/test/

https://reminasolirol.com/test/

Attributes
  • group

    Mimikast

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Signatures

  • Latrodectus family
  • Latrodectus loader

    Latrodectus is a loader written in C++.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.Evo-gen.16007.19374.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1832 -s 128
      2⤵
        PID:3048

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1832-1-0x0000000180000000-0x0000000181CB2000-memory.dmp

      Filesize

      28.7MB

    • memory/1832-4-0x0000000001F60000-0x0000000003C11000-memory.dmp

      Filesize

      28.7MB