Analysis
max time kernel: 147s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/10/2022, 10:00
Static task: static1
Behavioral task: behavioral1
Sample: f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee.dll
Resource: win10v2004-20220812-en
General
Target: f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee.dll
Size: 6KB
MD5: 6c6333b20794644eae09ffd0431efc0e
SHA1: 36512e83c10c637f9ae2c32050dd24e2dbb40899
SHA256: f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee
SHA512: 60f5aa6ea8a36e2e236cb31cdb5d6560b37d60bff987dda128f6529bc6022c7565aaaecfef3647bc0f2da7d88a2b4a21804044aa212f8a022740181aac13152d
SSDEEP: 96:PIV9yIjhsZrg0j6I/AhWNirHWrIlEuiuCPGzxXi9xSJdb:PyIIjWXGhqsWxuibmyaJ
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid   Process       procid_target
PID 2120 wrote to memory of 3796    2120  rundll32.exe  82
PID 2120 wrote to memory of 3796    2120  rundll32.exe  82
PID 2120 wrote to memory of 3796    2120  rundll32.exe  82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee.dll,#11
- Suspicious use of WriteProcessMemory
PID: 2120
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3d367fe94934f30bd0b7b3e8662c95603e62390548db76cd68c1eee370372ee.dll,#12
PID: 3796