Analysis
- max time kernel: 91s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/11/2022, 15:53
Static task: static1

Behavioral task: behavioral1
- Sample: d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll
- Resource: win7-20220901-en

Behavioral task: behavioral2
- Sample: d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll
- Resource: win10v2004-20220901-en
General
- Target: d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll
- Size: 4KB
- MD5: 0dc76f6a7651560a060de7f68144ae96
- SHA1: 4600b131cfade592657e52a1d4892dbc2b472610
- SHA256: d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366
- SHA512: 1ab907fb223c3402b41585a518de9b32327ff29ce79617a9f06187aff5b1ffa7ab26e99b613e2217a3d78c9c3995e447ff87d2ddd707a48faca6268f92e26db0
- SSDEEP: 24:e1GSYL3CeLA9/kPVCRVtc44MnXz+iM2u8kypgyXwVQwA3HdQz5NFbBCNNmQ1Aynb:SKLA9oyTnXz+ihZjufCXTFjoJtCTn
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 1812 wrote to memory of 4356 | 1812 | rundll32.exe | 80
PID 1812 wrote to memory of 4356 | 1812 | rundll32.exe | 80
PID 1812 wrote to memory of 4356 | 1812 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID: 1812
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll,#12⤵
    PID: 4356