Analysis
- max time kernel: 98s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/09/2022, 22:31
Static task: static1
Behavioral task: behavioral1
- Sample: 1e792027e657527130edaf292f14c8b3718c7227aca2b73ba6fd30001f2c1466.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 1e792027e657527130edaf292f14c8b3718c7227aca2b73ba6fd30001f2c1466.dll
- Resource: win10v2004-20220812-en
General
- Target: 1e792027e657527130edaf292f14c8b3718c7227aca2b73ba6fd30001f2c1466.dll
- Size: 33KB
- MD5: fef4a9763ebba35bc8055c46647c5bb9
- SHA1: 9485f7c11c80c1f330ef317d9652e92cc1609997
- SHA256: 1e792027e657527130edaf292f14c8b3718c7227aca2b73ba6fd30001f2c1466
- SHA512: 0d509506f30df845ce53031d642593edb20da1831b0d6862ad9b3551e5364637bf1b15b54713a51f66a067a63ce5a6da7d64cc3c6b7dd343a0432512bb983c65
- SSDEEP: 768:GBC39bq5oxE2AdR40kYO2lg7EW1DdgI5hqDMTR5b+b:GBwgAEw0kY87EWddgWk+Rd+b
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4224 wrote to memory of 4248 | 4224 | rundll32.exe | 80
  PID 4224 wrote to memory of 4248 | 4224 | rundll32.exe | 80
  PID 4224 wrote to memory of 4248 | 4224 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e792027e657527130edaf292f14c8b3718c7227aca2b73ba6fd30001f2c1466.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:4224
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1e792027e657527130edaf292f14c8b3718c7227aca2b73ba6fd30001f2c1466.dll,#1
    PID:4248