Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
171s -
max time network
177s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
07/11/2022, 01:51
Static task
static1
Behavioral task
behavioral1
Sample
36aaeaacd791b40eb52c9efc7c48cf5991af2b491c53b23eee91c0c0023c7876.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
36aaeaacd791b40eb52c9efc7c48cf5991af2b491c53b23eee91c0c0023c7876.dll
Resource
win10v2004-20220812-en
General
-
Target
36aaeaacd791b40eb52c9efc7c48cf5991af2b491c53b23eee91c0c0023c7876.dll
-
Size
28KB
-
MD5
0d1f68ef16a76d0263a45b427ce46130
-
SHA1
6f4fcaa8e0d8b3853e246dfad591a24433ad69b0
-
SHA256
36aaeaacd791b40eb52c9efc7c48cf5991af2b491c53b23eee91c0c0023c7876
-
SHA512
d40134be5578ed2da3c1de57ffd167b225d435a8c501e6ffbf54766ddaec5cb68e54a5d2b31ab2a244d5bed5c42c9ed089096c91ecda56ced338492aa1131ae3
-
SSDEEP
96:wI1+l2n11FhplC7N7lM1ygBqOB9ErQAQY:dIrQAQ
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 984 wrote to memory of 4376 984 rundll32.exe 80 PID 984 wrote to memory of 4376 984 rundll32.exe 80 PID 984 wrote to memory of 4376 984 rundll32.exe 80
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\36aaeaacd791b40eb52c9efc7c48cf5991af2b491c53b23eee91c0c0023c7876.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:984 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\36aaeaacd791b40eb52c9efc7c48cf5991af2b491c53b23eee91c0c0023c7876.dll,#12⤵PID:4376
-