Analysis
max time kernel: 150s
max time network: 171s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/10/2022, 08:21
Static task: static1

Behavioral task: behavioral1
  Sample: a543360c0f5b6953eb949e41775347ac50878129c61703852608ae23568546c1.dll
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample: a543360c0f5b6953eb949e41775347ac50878129c61703852608ae23568546c1.dll
  Resource: win10v2004-20220812-en
General
Target: a543360c0f5b6953eb949e41775347ac50878129c61703852608ae23568546c1.dll
Size: 47KB
MD5: 575842490179464051a2a6360e27a0e0
SHA1: e284e5d1e3874ff66cbcfe509bcfbd7f8ccf211c
SHA256: a543360c0f5b6953eb949e41775347ac50878129c61703852608ae23568546c1
SHA512: 93111b3d954b8f62dc9a00d82224aa3c23de65171fcdb185790e1252b067788fc5518f8d388cc748a73ed7236f9341b4bf7e6392d8d99ae1a5d025ca59171cdf
SSDEEP: 768:y5/CuooKRB2c+L1cZXSX0cED2cACTfrcITNB3f8HY1LRiqInXBb:7BRYc+10cECcHQIZC2gx
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (6 IoCs)
  pid   Process
  1324  rundll32.exe
  (this row appears 6 times in the report)

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 4876 wrote to memory of 1324   4876  rundll32.exe  84
  (this row appears 3 times in the report)
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a543360c0f5b6953eb949e41775347ac50878129c61703852608ae23568546c1.dll,#1
  PID: 4876
  Signature: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a543360c0f5b6953eb949e41775347ac50878129c61703852608ae23568546c1.dll,#1
      PID: 1324
      Signature: Suspicious behavior: EnumeratesProcesses