Analysis
- max time kernel: 7s
- max time network: 2s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/11/2022, 19:59
Behavioral task: behavioral1
- Sample: 99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll
- Resource: win10v2004-20220812-en
General
- Target: 99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll
- Size: 50KB
- MD5: 1841773d77d29668a41aea188a9b5071
- SHA1: 248b02383527a2fa71f1f4bc1cea5d7d605417b9
- SHA256: 99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f
- SHA512: ffa4ffe833a8c475aa9061cfe8652a3f610cf989abe8558681a88885e75889838621c54458aad687c73e203a75de95c4bf5a76d6fb5ce22d251897ead151fdae
- SSDEEP: 768:9KLzd9toIO7vtW3ZOeomXVWCiDuk9vcbYlT34FhekoATlrAuFGaZfCrcu:KbtoIYeOuy9vcbOOohoAu8
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                        pid    Process        procid_target
  PID 2228 wrote to memory of 1588   2228   rundll32.exe   75
  PID 2228 wrote to memory of 1588   2228   rundll32.exe   75
  PID 2228 wrote to memory of 1588   2228   rundll32.exe   75
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll,#1
  PID: 2228
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll,#1
    PID: 1588