Analysis
- max time kernel: 151s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/09/2022, 03:43
Static task: static1
Behavioral task: behavioral1
- Sample: b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll
- Resource: win10v2004-20220812-en
General
- Target: b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll
- Size: 296KB
- MD5: 3309f1f1b468748b8b85ec1cb911da6c
- SHA1: 479d9f3fd8afcda10f4a67d8f2aeb9257c3e6de7
- SHA256: b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d
- SHA512: 8902fda07d16cf0d735fb23dc1803b8e306f2d00c6958cbeec29b8e721581d4240ba6313712ec204dd642fbe491b3aba37509165c1ef063a94b2d83b38df88c5
- SSDEEP: 6144:QlRc77+muzSa8ZkA9GopDyniu403dIhycW9:Qly77vuzSfNGoYn7X
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                                  pid   Process
  Token: 33                                    1208  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege            1208  AUDIODG.EXE
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                                  pid   Process       procid_target
  PID 2376 wrote to memory of 5048             2376  rundll32.exe  80
  PID 2376 wrote to memory of 5048             2376  rundll32.exe  80
  PID 2376 wrote to memory of 5048             2376  rundll32.exe  80
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll,#1
  PID: 2376
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child of PID 2376)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll,#1
    PID: 5048
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x338 0x38c
  PID: 1208
  Signatures: Suspicious use of AdjustPrivilegeToken