Analysis
max time kernel: 90s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/11/2022, 05:09
Static task: static1
Behavioral task: behavioral1
  Sample: 94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll
  Resource: win10v2004-20220901-en
General
Target: 94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll
Size: 57KB
MD5: f2a3a92d193bf808605c5fefa6d4d8ca
SHA1: bd6f58345f8b3a3593aa6b8717b23e0af8cc6243
SHA256: 94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803
SHA512: f02b788aec5227f6f985ff4a5e4e0958d3c7c95a286a393fda31006ef79f91e6a6a20dc95e92237bab40a03153b1d0d445fe70c2f5abe3a603ead14971b14a24
SSDEEP: 1536:BiNIKDP4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:BjqP4YU6ErtGNEKIpCT
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
  description               pid   Process        procid_target
  PID 5008 wrote to memory of 2300   5008  rundll32.exe   83
  PID 5008 wrote to memory of 2300   5008  rundll32.exe   83
  PID 5008 wrote to memory of 2300   5008  rundll32.exe   83
Processes
1. C:\Windows\system32\rundll32.exe (PID 5008)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 2300), child of PID 5008
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll,#1