Analysis
- max time kernel: 153s
- max time network: 160s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/10/2022, 09:28
Behavioral task: behavioral1
- Sample: a890d71b0c5791ad70d14106ffb22a3c70c90e72f696d81e0d20ac94c8c26cf6.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: a890d71b0c5791ad70d14106ffb22a3c70c90e72f696d81e0d20ac94c8c26cf6.dll
- Resource: win10v2004-20220812-en
General
- Target: a890d71b0c5791ad70d14106ffb22a3c70c90e72f696d81e0d20ac94c8c26cf6.dll
- Size: 67KB
- MD5: 48b1be50c2173a1bf4c96cf703c65900
- SHA1: 06baef32f63c3103f6d9b44fcfbfd043655b3cdd
- SHA256: a890d71b0c5791ad70d14106ffb22a3c70c90e72f696d81e0d20ac94c8c26cf6
- SHA512: dc2bf7df19bfcb244462c41e358cd5f6727d9548718573fbb499f9c720f1b3f58dd670baffbb396f7dfed85a9665e5906a04a3619cf545d851e19b76b97d9f21
- SSDEEP: 1536:lW83YdZFpjuc7xux65cEaRWZxW0hTEqmGMndk7:lWCYr6cQx20Ok0hTEbGMdk
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| PID 4964 wrote to memory of 4704 | 4964 | rundll32.exe | 82 |
| PID 4964 wrote to memory of 4704 | 4964 | rundll32.exe | 82 |
| PID 4964 wrote to memory of 4704 | 4964 | rundll32.exe | 82 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a890d71b0c5791ad70d14106ffb22a3c70c90e72f696d81e0d20ac94c8c26cf6.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4964
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a890d71b0c5791ad70d14106ffb22a3c70c90e72f696d81e0d20ac94c8c26cf6.dll,#1
    PID: 4704