Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2022, 03:43

General

  • Target

    b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll

  • Size

    296KB

  • MD5

    3309f1f1b468748b8b85ec1cb911da6c

  • SHA1

    479d9f3fd8afcda10f4a67d8f2aeb9257c3e6de7

  • SHA256

    b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d

  • SHA512

    8902fda07d16cf0d735fb23dc1803b8e306f2d00c6958cbeec29b8e721581d4240ba6313712ec204dd642fbe491b3aba37509165c1ef063a94b2d83b38df88c5

  • SSDEEP

    6144:QlRc77+muzSa8ZkA9GopDyniu403dIhycW9:Qly77vuzSfNGoYn7X

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2376
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll,#1
      2⤵
        PID:5048
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x338 0x38c
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1208

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads