Analysis
max time kernel: 99s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/10/2022, 07:03 UTC
Static task: static1

Behavioral task: behavioral1
Sample: fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll
Resource: win10v2004-20220901-en
General
Target: fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll
Size: 10KB
MD5: 0a5fcf55fced048cfbc51355752bd849
SHA1: 7369fa465dd43cc60848cf08218cafefa59e005b
SHA256: fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6
SHA512: dd4696a7d4a99c628101153265f6bc74a2af01844e977c9f036c3e12fd27f652ce247fa27b7e6e6fe28c682a0bba87cb7bdbdfda039063263648a2388f053baa
SSDEEP: 192:Sw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92bj:6dHad/N20IypWak8dWiWak8EdW7H
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 4156 wrote to memory of 4912   4156   rundll32.exe   61
PID 4156 wrote to memory of 4912   4156   rundll32.exe   61
PID 4156 wrote to memory of 4912   4156   rundll32.exe   61
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4156
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa75a576a4ff15eb616fef264048c8bebf5f5d59d40980d0ab68b7654322e8b6.dll,#1
    PID: 4912