Analysis
- max time kernel: 153s
- max time network: 171s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/10/2022, 16:10
Behavioral task: behavioral1
- Sample: 420d073ff7da3b8ab79d1ea26b95481d7267ac9d712ac16205215e0a928a7f05.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 420d073ff7da3b8ab79d1ea26b95481d7267ac9d712ac16205215e0a928a7f05.dll
- Resource: win10v2004-20220812-en
General
- Target: 420d073ff7da3b8ab79d1ea26b95481d7267ac9d712ac16205215e0a928a7f05.dll
- Size: 87KB
- MD5: 81da9f52e800c382e5bb8edc1236654a
- SHA1: af838c77dbdf11da8271c0e76e77ef74895af982
- SHA256: 420d073ff7da3b8ab79d1ea26b95481d7267ac9d712ac16205215e0a928a7f05
- SHA512: e2fa23dc58d93cb6eaee2771c7723b935cc7ab5b2fc78d3692afa7f66b75a5142a13748b9497f3a000d77b467ec79f73a150cea228f471b3e3bef86b58403053
- SSDEEP: 1536:PiEjmRHQMDgVspbuFLdVvumzd66N+bQ/rZH3FRSfw5wAJPS7:6SFMDgVswFLdNfzdB2yN3rSYhPu
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 3376 wrote to memory of 4836 | 3376 | rundll32.exe | 78 |
| PID 3376 wrote to memory of 4836 | 3376 | rundll32.exe | 78 |
| PID 3376 wrote to memory of 4836 | 3376 | rundll32.exe | 78 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\420d073ff7da3b8ab79d1ea26b95481d7267ac9d712ac16205215e0a928a7f05.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:3376
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\420d073ff7da3b8ab79d1ea26b95481d7267ac9d712ac16205215e0a928a7f05.dll,#12⤵
    PID:4836