Analysis
- max time kernel: 125s
- max time network: 161s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/11/2022, 14:45
Static task
- static1

Behavioral task
- behavioral1
  Sample: 8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll
  Resource: win7-20220812-en
  1 signatures
  150 seconds

Behavioral task
- behavioral2
  Sample: 8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll
  Resource: win10v2004-20221111-en
  1 signatures
  150 seconds
General
- Target: 8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll
- Size: 3KB
- MD5: 3055af844fa2dd26f4c416ada73e3f50
- SHA1: 5bc34e074f952c8d48737ef7b8c461c086a54c13
- SHA256: 8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98
- SHA512: e34d3f4259e690ad7dc50a29e8086e707e03937597787c46ff4083fb19a4bdbc975853d20a23a6294118840d8799e15ebb1ad72f551e166b9b93cf88fc38c400

Score
- 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4844 wrote to memory of 4700 | 4844 | rundll32.exe | 83
  PID 4844 wrote to memory of 4700 | 4844 | rundll32.exe | 83
  PID 4844 wrote to memory of 4700 | 4844 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll,#11
  Suspicious use of WriteProcessMemory
  PID:4844
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d6c23cfb649216c94e3bd8a832bfddb62f68648199c051d775ded6a0552bc98.dll,#12
    PID:4700