Analysis
- max time kernel: 161s
- max time network: 193s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/10/2022, 09:14
Static task: static1
Behavioral task: behavioral1
- Sample: d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3.dll
- Resource: win10v2004-20220812-en
General
- Target: d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3.dll
- Size: 250KB
- MD5: 6274fb96e251636c73b35fe611b2c5a4
- SHA1: a8942b56477d02d5c7c7ca4acd866380b0710285
- SHA256: d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3
- SHA512: cec627f4ce3adc05ebfd90d7881a23bca0310101bfc20359934871c626254ad2f427aec6801783c2d8d033df379f0346e68b523e880a92746a7c3f0e7ce712ce
- SSDEEP: 6144:LTVQ/lw998gWNlPTGQQm6agrdoA782V5L:FQNFNtTirdo0L
Malware Config
(none extracted)
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                          | pid  | Process      | procid_target
  PID 1672 wrote to memory of 1128     | 1672 | rundll32.exe | 81
  PID 1672 wrote to memory of 1128     | 1672 | rundll32.exe | 81
  PID 1672 wrote to memory of 1128     | 1672 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3.dll,#1
  PID: 1672
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child of PID 1672)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1b696882ec1c3ef6d612c212b2522c7e311fcd59c4c4dd0df60918fc11bfdd3.dll,#1
    PID: 1128