Analysis
- max time kernel: 91s
- max time network: 137s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/10/2022, 19:51
Behavioral task: behavioral1
- Sample: 1a755b52acfc9f666fcf1029fd3199545d621fdf11c32378f1ddcf7ce95ee469.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 1a755b52acfc9f666fcf1029fd3199545d621fdf11c32378f1ddcf7ce95ee469.dll
- Resource: win10v2004-20220812-en
General
- Target: 1a755b52acfc9f666fcf1029fd3199545d621fdf11c32378f1ddcf7ce95ee469.dll
- Size: 3.1MB
- MD5: c2a2ecd0b7ec29b23203a06d1e16f274
- SHA1: fa0155673b9e02e793190b0e1604236f42fd9654
- SHA256: 1a755b52acfc9f666fcf1029fd3199545d621fdf11c32378f1ddcf7ce95ee469
- SHA512: c02c2419e13e73b91371489decb2b455a90932134c13c8a90b15a2b005e7bcc4e9c9dc55747c6ea4a3c8236cfb6ff0c4767db96c14d7f88d12177ae89d7a7c90
- SSDEEP: 98304:nl1cm2rXzcxjQPR2dPQAoalYiOo1DgiwA/7+i9olwUkvJ3:KrXzcNQPy4eaS1siwA6PWzR3
Malware Config
Signatures
-
  resource: behavioral2/memory/3376-133-0x0000000002C10000-0x0000000004368000-memory.dmp; yara_rule: upx
  resource: behavioral2/memory/3376-134-0x0000000002C10000-0x0000000004368000-memory.dmp; yara_rule: upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2084 wrote to memory of 3376; pid: 2084; Process: rundll32.exe; procid_target: 81
  description: PID 2084 wrote to memory of 3376; pid: 2084; Process: rundll32.exe; procid_target: 81
  description: PID 2084 wrote to memory of 3376; pid: 2084; Process: rundll32.exe; procid_target: 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a755b52acfc9f666fcf1029fd3199545d621fdf11c32378f1ddcf7ce95ee469.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2084
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a755b52acfc9f666fcf1029fd3199545d621fdf11c32378f1ddcf7ce95ee469.dll,#1
    PID: 3376