Analysis
max time kernel: 144s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/11/2022, 05:21
Static task: static1

Behavioral task: behavioral1
Sample: 59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa.dll
Resource: win7-20220901-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa.dll
Resource: win10v2004-20220901-en
1 signatures
150 seconds
General
Target: 59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa.dll
Size: 3KB
MD5: 76d49e836313b3fe70c2490ca4e848d0
SHA1: cdb924c6f7b00b2534d45162a34c0d5a165e5a1e
SHA256: 59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa
SHA512: be20568969c5f245a60ee7d9cad93d9f441e4ea48e847d9a333dad0113a2de7c06140357b263e62deb329cffef7ad5bcabff4d9478d9e42ae12edcbe9ccbe4fc
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1616 wrote to memory of 4900 | 1616 | rundll32.exe | 80
PID 1616 wrote to memory of 4900 | 1616 | rundll32.exe | 80
PID 1616 wrote to memory of 4900 | 1616 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa.dll,#11
- Suspicious use of WriteProcessMemory
PID:1616
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59d1791f477ba1ba68465c90843c4aec878d2084aa958fd99eb6bb2fc032befa.dll,#12
PID:4900