Analysis
- max time kernel: 2s
- max time network: 28s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 05/02/2022, 08:45
Static task: static1
Behavioral task: behavioral1
- Sample: e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448.dll
- Resource: win7-en-20211208
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448.dll
- Resource: win10v2004-en-20220113
- 0 signatures
- 0 seconds
General
- Target: e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448.dll
- Size: 873KB
- MD5: 4999aaea3e94b8cebf6f7c85c0e70f87
- SHA1: 89198a1da32b1aedf70e9a113269b25c0abada82
- SHA256: e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448
- SHA512: 2cbf48afd27075f2650f78b1f1414f27b0561590e4f142745f7ab326ca29edf22f9b53f1fe127ff9500285a9752ccc9579de525532f417cf3c638a3b5368eec4
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1260 wrote to memory of 612 | 1260 | rundll32.exe | 82
  PID 1260 wrote to memory of 612 | 1260 | rundll32.exe | 82
  PID 1260 wrote to memory of 612 | 1260 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448.dll,#12⤵
  PID:612