Analysis
- max time kernel: 115s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 19/10/2022, 21:39
Static task: static1
Behavioral task: behavioral1
- Sample: cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll
- Resource: win10v2004-20220901-en
General
- Target: cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll
- Size: 820KB
- MD5: 921e1537c26b4ed529fcb5f28838d696
- SHA1: 80088390b30002de18c2c5c4df3fadbc497b3ba9
- SHA256: cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46
- SHA512: ac94ef0e54f6fc7e9d4f35b16add1e63ef155b27fe604dc5866874fcd76378f99bc09137eb33b964c50fc3756f5927176d3f31c68e9549f711ecb0878ca0c2a7
- SSDEEP: 12288:v3waoOl7hP8XCyjEcPPJuJvEFQJRMbQID8M2SrnJoaibP:v31yBEiP0JvEFQeQsZibP
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   Process
  2432  rundll32.exe
  2432  rundll32.exe
  2432  rundll32.exe
  2432  rundll32.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid   Process
  2432  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 3180 wrote to memory of 2432   3180  rundll32.exe  83
  PID 3180 wrote to memory of 2432   3180  rundll32.exe  83
  PID 3180 wrote to memory of 2432   3180  rundll32.exe  83
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 3180
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 3180)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf547788662962a89e5571085946495cba3e17d9881374910ada69c9d914fd46.dll,#1
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
      PID: 2432