Analysis
max time kernel: 64s
max time network: 11s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/10/2022, 21:19
Behavioral task behavioral1
Sample: 01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69.dll
Resource: win7-20220901-en
Behavioral task behavioral2
Sample: 01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69.dll
Resource: win10v2004-20220812-en
General
Target: 01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69.dll
Size: 160KB
MD5: 0d2c0bcb10e44bd8e8e20d62ea6effd7
SHA1: 467252da77a37130a07df01998926248a287eb14
SHA256: 01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69
SHA512: 37d779a6933306fb2f45a0d1e50a7d2844669cde42738cac31e3275081efa7452c7adf9bdb33fc633abf4ebf3d8cd73d467b841caf4871e1574aa59e7e49ef54
SSDEEP: 3072:+2qUzQVS5RaAAsetOxJsoM94g6jIOmTgMFkI+EuBH9COA8iOP//JNL/poHWA76/:TH5AhoM2Fj8fvu2OAJOPp5/pr8m
Malware Config
Signatures
yara rule matches
resource | yara_rule
behavioral2/memory/3252-133-0x0000000010000000-0x0000000010068000-memory.dmp | vmprotect
behavioral2/memory/3252-136-0x0000000010000000-0x0000000010068000-memory.dmp | vmprotect
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 420 wrote to memory of 3252 | 420 | rundll32.exe | 15
PID 420 wrote to memory of 3252 | 420 | rundll32.exe | 15
PID 420 wrote to memory of 3252 | 420 | rundll32.exe | 15
Processes
1. C:\Windows\system32\rundll32.exe (PID: 420)
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69.dll,#1
   Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID: 3252)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\01670c33fe72400a225bbf6fcb2ef08e38e07288dde7d19e13d50dfe0c430b69.dll,#1