Analysis
- max time kernel: 151s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/10/2022, 20:01
Static task: static1
Behavioral task: behavioral1
- Sample: 2d0f14e3c7a7ae667076a499947cad9ecf40995f9d5d832ae67ec4ef6bf855c9.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 2d0f14e3c7a7ae667076a499947cad9ecf40995f9d5d832ae67ec4ef6bf855c9.dll
- Resource: win10v2004-20220812-en
General
- Target: 2d0f14e3c7a7ae667076a499947cad9ecf40995f9d5d832ae67ec4ef6bf855c9.dll
- Size: 100KB
- MD5: 837fb213f06f50baefb5355eecf0f4d8
- SHA1: 35ae6f9b8251c8cb34cfd1630160841287482dbb
- SHA256: 2d0f14e3c7a7ae667076a499947cad9ecf40995f9d5d832ae67ec4ef6bf855c9
- SHA512: bec0a49c8ba5e03dcaa1bab11ffd7bccf9fef1537fea6ab37fc71cb42a4d7c8d02c64faf52064949be488d4ca07d071fe0bf6db82901db975232d8000cfa3a2f
- SSDEEP: 3072:C/3am3MxV9X3GdzdXh7dXv34MFg9BT6PJnO:wamy9X3M5Xh7hzFCSk
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    Process        procid_target
  PID 4876 wrote to memory of 4804   4876   rundll32.exe   83
  PID 4876 wrote to memory of 4804   4876   rundll32.exe   83
  PID 4876 wrote to memory of 4804   4876   rundll32.exe   83
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d0f14e3c7a7ae667076a499947cad9ecf40995f9d5d832ae67ec4ef6bf855c9.dll,#1
  PID: 4876
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d0f14e3c7a7ae667076a499947cad9ecf40995f9d5d832ae67ec4ef6bf855c9.dll,#1
    PID: 4804