Analysis
- max time kernel: 170s
- max time network: 192s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 24/11/2022, 07:23
Behavioral task: behavioral1
- Sample: 38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d.dll
- Resource: win10v2004-20221111-en
General
- Target: 38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d.dll
- Size: 75KB
- MD5: 9c4880b8dde58813119b372618ee1197
- SHA1: ed2a77021080faa00c1ca86b99955dc2e38bfe09
- SHA256: 38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d
- SHA512: a4a8510dad0a92a9491f78fd56666a174c3cc32f331082049882cfcc20a4dae99ea956c544711320558de9433fbcc8f4a55997c3df37da76ca3268e5ed29fea8
- SSDEEP: 1536:9Owg6BqOQPxFn+4CF45a02ng1Qw0Z74vps4KF+MkLtPR2oNK:9Hu5FnOF45eg13DKILtPR2oNK
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3484 wrote to memory of 4496 | 3484 | rundll32.exe | 36
  PID 3484 wrote to memory of 4496 | 3484 | rundll32.exe | 36
  PID 3484 wrote to memory of 4496 | 3484 | rundll32.exe | 36
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d.dll,#1
  PID: 3484
  Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\38b4da365289b5a66f07fa820801a0f64cbf52a90d951f1eb5bcda266b5ad89d.dll,#1
  PID: 4496