Analysis
- max time kernel: 170s
- max time network: 211s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29/11/2022, 10:07
Behavioral task
behavioral1
Sample
2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll
Resource
win10v2004-20221111-en
General
- Target: 2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll
- Size: 11KB
- MD5: 3d3eeea7cc8eac792222c36b8e6a7dc0
- SHA1: 906e37b0cbc90bd93d7619118d7f8476723937c2
- SHA256: 2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08
- SHA512: fe63e9119bbd36cc202c946eeba13ddaa1db3c3d9a5579b4f63df2f20909c8c83324ff45c94798d6a8510550f380c4dc8a7f567d61b8f7e0f8d11e753818b839
- SSDEEP: 192:3SC8I6CLdScS9dRVZdr3mDakQnTg9XwwTPnzX1a7khswrMRHsfhRgWScWw:3pLVLdScS1VD3k/QnTyXZLnT1Xhd3fDG
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 228 wrote to memory of 1408 | 228 | rundll32.exe | 81
PID 228 wrote to memory of 1408 | 228 | rundll32.exe | 81
PID 228 wrote to memory of 1408 | 228 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 228
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll,#1
    PID: 1408