Analysis
max time kernel: 169s
max time network: 176s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/10/2022, 01:04
Behavioral task: behavioral1
Sample: 98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187.dll
Resource: win10v2004-20220812-en
General
Target: 98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187.dll
Size: 4KB
MD5: 6fd95bc5d22307b7f1a64400204d5030
SHA1: dfa7947d717554d4c8178ac941621a4cd2e61a63
SHA256: 98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187
SHA512: b82fa8a18d88a7e99ed41a139908ec4440fa6f1728142c7fef7fed106019df438220d8f905ff659c6b8e1cfe50dcfa497ee45fbb84eb9b0fb56e41d359a11215
SSDEEP: 48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LLKfJOutyQv6hkzwRn81cpUWrwD/EvyII:TRphMzf8OJ0n81cpUNDcv8f+VZq
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4108 wrote to memory of 4504 | 4108 | rundll32.exe | 81
PID 4108 wrote to memory of 4504 | 4108 | rundll32.exe | 81
PID 4108 wrote to memory of 4504 | 4108 | rundll32.exe | 81
Processes
PID 4108: C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187.dll,#1
  Suspicious use of WriteProcessMemory
  PID 4504: C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187.dll,#1