Analysis
max time kernel: 66s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22/09/2022, 10:38
Static task: static1
Behavioral task: behavioral1
  Sample: GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll
  Resource: win10v2004-20220812-en
General
Target: GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll
Size: 92KB
MD5: 16b6dbd2e86b30684fefb6b58de2ffc5
SHA1: 9eb06439d136b999457fe300a3118610ef57ab90
SHA256: 1975f001d80b3a45599913978f0fc1e46b094efc1b3f463a55158a72921243dc
SHA512: 15845c417f7961f229a179b976cec1686025a4af08e29fa445fb62d749667f386d735df076bef8d9d3c3dfc710d9c50e9d4c96938b5a4db46116c164b832d7a5
SSDEEP: 1536:dF/FX1qyiuNHaK7YjLbduoJjvbGsQTHZnZLAKwa3fu8LihG5oiKA0QEFVZH3GXzg:XFXPDMnNbGsQT5nhAcvLiHiD0QEX5wzg
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid   process       procid_target
PID 3708 wrote to memory of 3976   3708  rundll32.exe  80
PID 3708 wrote to memory of 3976   3708  rundll32.exe  80
PID 3708 wrote to memory of 3976   3708  rundll32.exe  80
Processes
C:\Windows\system32\rundll32.exe (PID 3708)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 3976)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll,#1
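The only signature on this report is a WriteProcessMemory hit, and the process tree shows the 64-bit rundll32.exe (system32, PID 3708) writing into a SysWOW64 rundll32.exe child (PID 3976) that carries the same command line. That pattern is what a 64-bit rundll32 produces when it is handed a 32-bit DLL: it re-launches the 32-bit rundll32 from SysWOW64, and process creation itself writes into the new child, which is what the sandbox hook records. The added example below, which is not tria.ge's code, parses the three IoC rows and the process list into records, collapses the repeated rows per writer/target pair, and separates that expected WoW64 hand-off from a write into an unrelated process that does merit review. The IoC and process line formats are assumptions modelled on the report text rather than a documented tria.ge export, and the parent PID of 3708 is not shown on the page, so 0 is assumed.

```python
"""Classify tria.ge-style WriteProcessMemory IoC rows using the process tree.
Added example, not tria.ge's code; input formats are assumptions (see comments)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: the three IoC rows from the report, one per line.
IOC_TEXT = """\
PID 3708 wrote to memory of 3976 3708 rundll32.exe 80
PID 3708 wrote to memory of 3976 3708 rundll32.exe 80
PID 3708 wrote to memory of 3976 3708 rundll32.exe 80
"""

DLL = r"C:\Users\Admin\AppData\Local\Temp\GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll"

# Constructed process table (pid, parent pid, image, command line) from the
# report's tree; the parent of 3708 is not shown on the page, so 0 is assumed.
PROCESSES = [
    (3708, 0, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    (3976, 3708, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
]

# Assumed row shape: "PID <src> wrote to memory of <dst> <pid> <process> <procid_target>"
IOC_RE = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<process>\S+) (?P<target_id>\d+)$"
)


@dataclass(frozen=True)
class WriteEvent:
    src: int
    dst: int
    process: str
    target_id: int


@dataclass(frozen=True)
class Finding:
    src: int
    dst: int
    count: int
    verdict: str


def parse_iocs(text: str) -> list[WriteEvent]:
    """Turn each IoC row into a WriteEvent; a malformed row raises instead of being skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = IOC_RE.match(line)
        if not m:
            raise ValueError(f"unparsed IoC row: {line!r}")
        if m["src"] != m["pid"]:
            raise ValueError(f"writer pid and row pid disagree: {line!r}")
        events.append(WriteEvent(int(m["src"]), int(m["dst"]), m["process"], int(m["target_id"])))
    return events


def basename(path: str) -> str:
    return path.lower().rsplit("\\", 1)[-1]


def classify(events: list[WriteEvent], processes) -> list[Finding]:
    """Collapse repeated rows per (writer, target) pair and label each pair.

    A system32 -> SysWOW64 write between identical images, on the same command
    line, where the writer is the target's parent, is the WoW64 re-launch that
    rundll32 performs for a 32-bit DLL; any other cross-process write is left
    for review.
    """
    by_pid = {pid: (ppid, image, cmdline) for pid, ppid, image, cmdline in processes}
    pairs = Counter((e.src, e.dst) for e in events)
    findings = []
    for (src, dst), n in sorted(pairs.items()):
        if src not in by_pid or dst not in by_pid:
            findings.append(Finding(src, dst, n, "review: writer or target missing from process list"))
            continue
        _, w_image, w_cmd = by_pid[src]
        t_ppid, t_image, t_cmd = by_pid[dst]
        wow64_relaunch = (
            basename(w_image) == basename(t_image)
            and "\\system32\\" in w_image.lower()
            and "\\syswow64\\" in t_image.lower()
            and t_ppid == src
            and w_cmd == t_cmd
        )
        verdict = ("expected: WoW64 re-launch of the same image by its parent"
                   if wow64_relaunch else "review: cross-process write into another process")
        findings.append(Finding(src, dst, n, verdict))
    return findings


if __name__ == "__main__":
    for f in classify(parse_iocs(IOC_TEXT), PROCESSES):
        print(f"{f.src} -> {f.dst}: {f.count} write(s); {f.verdict}")
```

Run as a script it prints one line for the 3708 -> 3976 pair with a count of 3 and the "expected" verdict. The same-command-line check matters: a 64-bit rundll32 that spawned a SysWOW64 rundll32 with a different DLL argument would fall through to the "review" verdict, as would a write into any process that is not the writer's own child.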