Analysis
- max time kernel: 150s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/10/2022, 07:49
Behavioral task: behavioral1
- Sample: 245f8e83836343330ad4e23751cc03d3902418c5e91e771b0f065a591fa76f92.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 245f8e83836343330ad4e23751cc03d3902418c5e91e771b0f065a591fa76f92.dll
- Resource: win10v2004-20220812-en
General
- Target: 245f8e83836343330ad4e23751cc03d3902418c5e91e771b0f065a591fa76f92.dll
- Size: 78KB
- MD5: 3ba68305170f45d05cd73686a511f2e3
- SHA1: e65fd152cdec0bcf7f9af22003d33f55f42150fe
- SHA256: 245f8e83836343330ad4e23751cc03d3902418c5e91e771b0f065a591fa76f92
- SHA512: a9098257e1c6beceffa0a0a5f836dc296850fc073866cd379d5fbe1a42e7a8b5a2896690c40df18741a87b340a093d9d0ee28ea83ac3b4990bd2863db7113b82
- SSDEEP: 1536:Pzj0rTaWtPE5mocZ8rNnGSks5vKzletKtdANO9V2Spx3J+/UOV+/BiCR4:7jHgPRoG8cs28YANOdn3U/UOE/P6
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1548 wrote to memory of 1484 | 1548 | rundll32.exe | 82
  PID 1548 wrote to memory of 1484 | 1548 | rundll32.exe | 82
  PID 1548 wrote to memory of 1484 | 1548 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\245f8e83836343330ad4e23751cc03d3902418c5e91e771b0f065a591fa76f92.dll,#1
  PID: 1548
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\245f8e83836343330ad4e23751cc03d3902418c5e91e771b0f065a591fa76f92.dll,#1
    PID: 1484