Analysis
- max time kernel: 142s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/11/2022, 05:13
Static task
- static1

Behavioral task
- behavioral1
  Sample: 074ac7728f0c3805dc58b21daba42e6f490f2a908c4bb1220f32dac4562c2685.dll
  Resource: win7-20220812-en

Behavioral task
- behavioral2
  Sample: 074ac7728f0c3805dc58b21daba42e6f490f2a908c4bb1220f32dac4562c2685.dll
  Resource: win10v2004-20220812-en
General
- Target: 074ac7728f0c3805dc58b21daba42e6f490f2a908c4bb1220f32dac4562c2685.dll
- Size: 6KB
- MD5: 5e6ee9d87c8420e6100270d0d50dcbd0
- SHA1: 097e777746d7758e0c834cc1ff1f6f9fd0cb97f7
- SHA256: 074ac7728f0c3805dc58b21daba42e6f490f2a908c4bb1220f32dac4562c2685
- SHA512: 52db12933cab16fb53d9265c74873357a21b0d62d9065626ce7e9116ac70c5c155983e49d2b78724363e9d4914538209d4f2f978d99e0ae1b6c4f4b1955ad4b0
- SSDEEP: 48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqhgeaieb5E/gfdmxTasoVbnROIE01cq4Ogl:hy859x0P8MaqmYfkFpoV4IRv4
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                        pid    Process        procid_target
  PID 1944 wrote to memory of 2152   1944   rundll32.exe   79
  PID 1944 wrote to memory of 2152   1944   rundll32.exe   79
  PID 1944 wrote to memory of 2152   1944   rundll32.exe   79
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\074ac7728f0c3805dc58b21daba42e6f490f2a908c4bb1220f32dac4562c2685.dll,#1
  PID: 1944
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\074ac7728f0c3805dc58b21daba42e6f490f2a908c4bb1220f32dac4562c2685.dll,#1
    PID: 2152