Analysis
max time kernel: 100s
max time network: 108s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/10/2022, 15:54
Static task: static1
Behavioral task: behavioral1
Sample: 85defd3ee0add81c0da98a30e69b6e3a31f6c2904d726953e2d3063dcf2d6227.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 85defd3ee0add81c0da98a30e69b6e3a31f6c2904d726953e2d3063dcf2d6227.dll
Resource: win10v2004-20220812-en
General
Target: 85defd3ee0add81c0da98a30e69b6e3a31f6c2904d726953e2d3063dcf2d6227.dll
Size: 4KB
MD5: 6fadce9aa5a10a56a71562f79278e873
SHA1: a3309eb64972e24e882a8f6e451e000187a879e8
SHA256: 85defd3ee0add81c0da98a30e69b6e3a31f6c2904d726953e2d3063dcf2d6227
SHA512: 72b321f3eac6b8426b9d6e79e76a0512d83ea907a40083d7f462c869ff42594edbd5c95443efceecb317556f2dfdda62a97964b12dbd335fe69c46ca1cf69e13
SSDEEP: 48:a5zjMTGcITBVQVE1lcnX3ikmNhSzEKrRT6pQaiO:iT3Qu8nikISIbiO
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1152 wrote to memory of 2680 | 1152 | rundll32.exe | 51
PID 1152 wrote to memory of 2680 | 1152 | rundll32.exe | 51
PID 1152 wrote to memory of 2680 | 1152 | rundll32.exe | 51
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85defd3ee0add81c0da98a30e69b6e3a31f6c2904d726953e2d3063dcf2d6227.dll,#1
- Suspicious use of WriteProcessMemory
PID: 1152
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\85defd3ee0add81c0da98a30e69b6e3a31f6c2904d726953e2d3063dcf2d6227.dll,#1
    PID: 2680