Analysis
max time kernel: 91s
max time network: 106s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/10/2022, 20:42
Static task: static1

Behavioral task: behavioral1
Sample: f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll
Resource: win10v2004-20220812-en
General
Target: f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll
Size: 65KB
MD5: 0a076baeac651727eee5f8af019632d4
SHA1: aea8b091e7ddf20f10de0b308680766cf45fd68d
SHA256: f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3
SHA512: f77891785e4745ac6a078fbd17eaae9c4a54764976af3a8df76dc311d94c0bc3a856796e300acdc2433d2a3e9f9aa682d05dfe092ac8c9ce44ac9a2dd2e3168f
SSDEEP: 1536:5SwlKC19SnIhSm9st4uqR/4QgmNSV+a9WTWaR4+PfDp+:lAM9so54Q0p96Z4+30
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 4924 wrote to memory of 4820 | 4924 | rundll32.exe | 82
PID 4924 wrote to memory of 4820 | 4924 | rundll32.exe | 82
PID 4924 wrote to memory of 4820 | 4924 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID: 4924
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll,#12⤵
  PID: 4820