Analysis
- max time kernel: 80s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/10/2022, 20:13
Static task: static1

Behavioral task: behavioral1
- Sample: d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll
- Resource: win10v2004-20220901-en
General
- Target: d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll
- Size: 265KB
- MD5: a37e1fe9878fcb911b0b3aa7734bf4e0
- SHA1: 902a6f27f51f67f7d3db4d77ee593d14a894d72e
- SHA256: d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7
- SHA512: d293edc2d22ea9ee80871ededc16b99c471a6cba43cb110193f54f736b746461e013bef10166f869cb13954200a8dedadc3ae129819a351ce0385392e2e1a4f7
- SSDEEP: 3072:GXWAGrvnenIwFuAIgmGQd0OyRj+6EFfKwfD/QVNXtddSKqP0k/E:GXWAqaIwKFCwb0tdNqP0E
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 3284 wrote to memory of 2228 | 3284 | rundll32.exe | 81
  PID 3284 wrote to memory of 2228 | 3284 | rundll32.exe | 81
  PID 3284 wrote to memory of 2228 | 3284 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 3284
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll,#12
    PID: 2228