Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    07/02/2025, 05:27

General

  • Target

    9e2d25889bff5dd42a2876d66ce37ec7e3fd03da8922c76620d8097a3da5f0c4.dll

  • Size

    2.2MB

  • MD5

    0a2b923be8aefb8e3cd0d2787183ef35

  • SHA1

    fa290453d165b30ad09f7fcb4a37ada363164bdd

  • SHA256

    9e2d25889bff5dd42a2876d66ce37ec7e3fd03da8922c76620d8097a3da5f0c4

  • SHA512

    498f1b18e75a00d0d2218cdd0a12d7ad254b3c2acd1bd98615c238f84053894053814d21c3e43ad4002e771c620ceee3d41316e62220267e016e69401b60e36c

  • SSDEEP

    49152:/ZzQqIEjvDQPOnR5mSBn/VSlsBzXHWtSyZS:/YcxyZ

Score
10/10

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://apworsindos.com/test/

https://reminasolirol.com/test/

Attributes
  • group

    Mimikast

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Signatures

  • Latrodectus family
  • Latrodectus loader

    Latrodectus is a loader written in C++.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9e2d25889bff5dd42a2876d66ce37ec7e3fd03da8922c76620d8097a3da5f0c4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2772 -s 132
      2⤵
        PID:2868

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2772-1-0x0000000180000000-0x0000000181CB2000-memory.dmp

      Filesize

      28.7MB

    • memory/2772-4-0x0000000001BF0000-0x00000000038A1000-memory.dmp

      Filesize

      28.7MB