Analysis
max time kernel: 145s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/09/2022, 09:38
Static task: static1

Behavioral task: behavioral1
  Sample: 9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461.dll
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: 9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461.dll
  Resource: win10v2004-20220812-en
General
Target: 9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461.dll
Size: 83KB
MD5: 334a1393afff29fd56f93d5c7dfd70e1
SHA1: f4c0abee71cc96fad4927d0077c484f876f768ed
SHA256: 9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461
SHA512: c71505a0da36d8e559c9d27dcc7c20da64f769fd7a902749e0f5361a270eec915db76d3962c24d1a9fa661f1e8621dca5ad5588703086934a9b5dd688380a355
SSDEEP: 1536:QrRdW2NC2XnSrzhVTiYrj7kAc8JZzmjIRb5ZYgCtTfiB1Kujqrs1ZSadP:QrnWYXSr9VTfvIAcOyjIRHUmEsGsGg
Malware Config
Signatures

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  4772  rundll32.exe
  4772  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 1096 wrote to memory of 4772   1096  rundll32.exe  80
  PID 1096 wrote to memory of 4772   1096  rundll32.exe  80
  PID 1096 wrote to memory of 4772   1096  rundll32.exe  80
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461.dll,#1
   PID: 1096
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 1096)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d70c28da232ccb8db68c484eeb197434aba8459c32e720f8e6e0420b4f37461.dll,#1
      PID: 4772
      Signatures: Suspicious use of SetWindowsHookEx