Analysis
- max time kernel: 150s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/10/2022, 01:12
Behavioral task: behavioral1
- Sample: b255b423d48335ff1dd1f1d84f725f387fd920b19925dd03ce991ca9f6f0384e.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: b255b423d48335ff1dd1f1d84f725f387fd920b19925dd03ce991ca9f6f0384e.dll
- Resource: win10v2004-20220812-en
General
- Target: b255b423d48335ff1dd1f1d84f725f387fd920b19925dd03ce991ca9f6f0384e.dll
- Size: 10KB
- MD5: 6d5967b50761378f482f4e0126be21e4
- SHA1: 3983347f55fe6eaaf2a48586eb9bf67124179a16
- SHA256: b255b423d48335ff1dd1f1d84f725f387fd920b19925dd03ce991ca9f6f0384e
- SHA512: 624a6af60a903dcbf0f2e39800ecf739fb5c51272303cc53d81c3131b6de04dfcb2b59a0fd3bd111d8a86a44ec41102e6cec6e18fecd021ba40634f3d7f0940b
- SSDEEP: 192:dnopbFLWfrLGCyFo195MQzZrDIBHb+mtS2zHvwp7D+97L1472rqpucXuhFXMFDTe:gcGC15MQa7ptrzHvU7Dg/14arqp+F8Fe
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 2248 wrote to memory of 3424 | 2248 | rundll32.exe | 82
PID 2248 wrote to memory of 3424 | 2248 | rundll32.exe | 82
PID 2248 wrote to memory of 3424 | 2248 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b255b423d48335ff1dd1f1d84f725f387fd920b19925dd03ce991ca9f6f0384e.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2248
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b255b423d48335ff1dd1f1d84f725f387fd920b19925dd03ce991ca9f6f0384e.dll,#1
    PID: 3424