Analysis
max time kernel: 140s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/11/2022, 20:52
Static task: static1

Behavioral task: behavioral1
Sample: 9f4703f71d08d356e543627ade7a346203d1f7829e8b1cd2dd4986e339fcb999.dll
Resource: win7-20220901-en

Behavioral task: behavioral2
Sample: 9f4703f71d08d356e543627ade7a346203d1f7829e8b1cd2dd4986e339fcb999.dll
Resource: win10v2004-20220812-en
General
Target: 9f4703f71d08d356e543627ade7a346203d1f7829e8b1cd2dd4986e339fcb999.dll
Size: 565KB
MD5: 06f21ade486bcf5d9b6cee0942533b20
SHA1: 3593ab042513f080dd8a5bc1e0d6f896bc849a90
SHA256: 9f4703f71d08d356e543627ade7a346203d1f7829e8b1cd2dd4986e339fcb999
SHA512: 54aa9f11dedc51c1148bcde45d71386c2766ba79bd3ad4ebee870973957938028c2334ae904aca61d7f803661a518bdd69836798e0444c843518b7c062ee924d
SSDEEP: 12288:gN5zT81Z1GVUbfwRflTErY1xDCWGrxoS0bCUWh:g7zuZY+bfwRflTEk1xD7Yfh
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

description                         pid    Process        procid_target
PID 3196 wrote to memory of 4364    3196   rundll32.exe   77
PID 3196 wrote to memory of 4364    3196   rundll32.exe   77
PID 3196 wrote to memory of 4364    3196   rundll32.exe   77
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f4703f71d08d356e543627ade7a346203d1f7829e8b1cd2dd4986e339fcb999.dll,#1
  PID: 3196
  Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f4703f71d08d356e543627ade7a346203d1f7829e8b1cd2dd4986e339fcb999.dll,#1
    PID: 4364