Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

72c6fc7384...5f.dll

windows7-x64

10

72c6fc7384...5f.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    07/02/2025, 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72c6fc7384a213d24ee01ddad0f8ff11684519097bbda7429bb1239cf6f4c55f.dll

  • Size

    2.2MB

  • MD5

    edd2fc9178794e43c99ec2ddca1fc539

  • SHA1

    71049bce06fd09106a278a62f28b4dced1b99aa1

  • SHA256

    72c6fc7384a213d24ee01ddad0f8ff11684519097bbda7429bb1239cf6f4c55f

  • SHA512

    2a9b0445047ebf2329fec7b730cfa3a5b058464a1923dd492da5b9cde8ff2e3bc16d66ec4f55238c3db81b5a08da6a3aa46659b86b2aa0bc2665666e2eb6c1d4

  • SSDEEP

    49152:/ZzQqIEjvDQPOnR5mSBn/VSlsBzXHWtSyZS:/YcxyZ

Score
10/10
latrodectusloader

Malware Config

Extracted

Family

latrodectus

Version

1.4

C2

https://apworsindos.com/test/

https://reminasolirol.com/test/
Attributes
  • group

    Mimikast

  • user_agent

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Extracted

Family

latrodectus

aes.hex

Signatures

  • Latrodectus family
    latrodectus
  • Latrodectus loader

    Latrodectus is a loader written in C++.

    loaderlatrodectus
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\72c6fc7384a213d24ee01ddad0f8ff11684519097bbda7429bb1239cf6f4c55f.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 3032 -s 128
      2⤵
        PID:2220

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3032-0-0x0000000180000000-0x0000000181CB2000-memory.dmp

      Filesize

      28.7MB

      Download

    • memory/3032-3-0x0000000001DC0000-0x0000000003A71000-memory.dmp

      Filesize

      28.7MB

      Download