Analysis
max time kernel: 95s
max time network: 110s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/10/2022, 13:24 UTC
Static task
static1
Behavioral task
behavioral1
Sample
120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll
Resource
win7-20220901-en
1 signature
150 seconds
Behavioral task
behavioral2
Sample
120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll
Resource
win10v2004-20220812-en
1 signature
150 seconds
General
Target: 120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll
Size: 3KB
MD5: a1343bef79835d35031f88c5bb6a4830
SHA1: 042470cab03f69792059a641e69098fba9f35ad7
SHA256: 120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6
SHA512: 01ea41e127b115d2e26f83d91eaab2f7d6c06981fdde4aaf2a37197bdfe8a3db169df0024dffd0455299cb784e6be06ee3154191f0ca93854cb40076f2b969ae
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                       pid   Process       procid_target
PID 4568 wrote to memory of 4444  4568  rundll32.exe  82
PID 4568 wrote to memory of 4444  4568  rundll32.exe  82
PID 4568 wrote to memory of 4444  4568  rundll32.exe  82
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  PID: 4568
  └─ C:\Windows\SysWOW64\rundll32.exe
       Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\120270ba68c9cd83578b9b9b69354a19f1fcc713152a610bb84330abec264ee6.dll,#1
       PID: 4444
Network
Remote address: 8.8.8.8:53
Request: 15.89.54.20.in-addr.arpa IN PTR
Response:
70 B 156 B 1 1
DNS Request: 15.89.54.20.in-addr.arpa

Remote address: 8.8.8.8:53
Request: 106.89.54.20.in-addr.arpa IN PTR
Response:
71 B 157 B 1 1
DNS Request: 106.89.54.20.in-addr.arpa

Remote address: 8.8.8.8:53
Request: a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa IN PTR
Response:
118 B 204 B 1 1
DNS Request: a.2.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.5.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa