Analysis
- max time kernel: 91s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/11/2022, 05:20
Static task: static1
Behavioral task: behavioral1
- Sample: 928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350.dll
- Resource: win10v2004-20220812-en
General
- Target: 928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350.dll
- Size: 57KB
- MD5: 3cc3a4f4e04b2d0c3dd3871d38a02d45
- SHA1: 30bf511d936e5dc4125b5acc10d122a91a293976
- SHA256: 928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350
- SHA512: 6471924d492f7c1e6565a3dc59ad9597d143048bcf4898d732583b13be444d4fb6aec7385a620724634ecded3db1deeac368837680f9cdc969cc12024730e3ab
- SSDEEP: 1536:WNIKDp4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:Xqp4YU6ErtGNEKIpCT
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4804 wrote to memory of 4856 | 4804 | rundll32.exe | 80
  PID 4804 wrote to memory of 4856 | 4804 | rundll32.exe | 80
  PID 4804 wrote to memory of 4856 | 4804 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350.dll,#1
  Suspicious use of WriteProcessMemory
  PID:4804
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350.dll,#1
    PID:4856