Analysis
max time kernel: 62s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64 arch:x86 image:win10v2004-20220901-en locale:en-us os:windows10-2004-x64 system
submitted: 28/10/2022, 20:55
Static task: static1
Behavioral task: behavioral1
Sample: f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a.dll
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a.dll
Resource: win10v2004-20220901-en
General
Target: f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a.dll
Size: 47KB
MD5: 0c122a58cbf8c62850695bad56368670
SHA1: 71903c246c7955586352615e0f18d4ba361bbd87
SHA256: f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a
SHA512: 9f41721fa02c25741c36e096fbbbaea223953ab67dfba33c2f5a96726f45671da06bb53c30a94854b866127d3bfb4a24e427b5b815e947d8fd33929bc4270efc
SSDEEP: 768:ISE0qUhSPbWCdFtiXuFCPzbjLdtDj9hwjny:HzvhSP6CdFtiXuFCPzZtDjfw
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3792 wrote to memory of 4924 | 3792 | rundll32.exe | 82
PID 3792 wrote to memory of 4924 | 3792 | rundll32.exe | 82
PID 3792 wrote to memory of 4924 | 3792 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 3792
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a.dll,#1
    PID: 4924