Analysis
- max time kernel: 90s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/11/2022, 23:43
Static task: static1
Behavioral task: behavioral1
- Sample: a88f773e619d06f6e4786bfd8e0fd4e5b792207a90f575fd3eb236be5c527b4c.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: a88f773e619d06f6e4786bfd8e0fd4e5b792207a90f575fd3eb236be5c527b4c.dll
- Resource: win10v2004-20220901-en
General
- Target: a88f773e619d06f6e4786bfd8e0fd4e5b792207a90f575fd3eb236be5c527b4c.dll
- Size: 108KB
- MD5: 854dee49fbb4732ebcab91e13689970f
- SHA1: 66f296a8f7eaa04fd7f1a50b652c49d68413b702
- SHA256: a88f773e619d06f6e4786bfd8e0fd4e5b792207a90f575fd3eb236be5c527b4c
- SHA512: 8baf73ab6c5c01a2589c6b43cd8d538d1c0aa09efe83292d481a9591fe7031a231524e8705049685825067a6109847b982baee477c1d05e1e03b8c550b2eea8b
- SSDEEP: 1536:3eEKLTRj09cJhPkfP6mAh3WNBv2calfIvYEbvqgqUHCux754SMs4hG2uWN:3MRLPkH6mo3WN52Vy75ftx75PMs4PN
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 2340 wrote to memory of 4016 | 2340 | rundll32.exe | 82
  PID 2340 wrote to memory of 4016 | 2340 | rundll32.exe | 82
  PID 2340 wrote to memory of 4016 | 2340 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a88f773e619d06f6e4786bfd8e0fd4e5b792207a90f575fd3eb236be5c527b4c.dll,#1
  PID: 2340
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a88f773e619d06f6e4786bfd8e0fd4e5b792207a90f575fd3eb236be5c527b4c.dll,#1
    PID: 4016