Analysis
max time kernel: 171s
max time network: 171s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/12/2022, 04:57
Static task: static1

Behavioral task: behavioral1
Sample: 3f1ca6325d0d010843835f4bfaae308f7688ef8d797c7b95713a10719949306e.dll
Resource: win7-20220812-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 3f1ca6325d0d010843835f4bfaae308f7688ef8d797c7b95713a10719949306e.dll
Resource: win10v2004-20220812-en
1 signatures
150 seconds
General
Target: 3f1ca6325d0d010843835f4bfaae308f7688ef8d797c7b95713a10719949306e.dll
Size: 4KB
MD5: 5b188aa7e3de7f34b1a45472e5244880
SHA1: 727fcfad80c7d4af0d9c57e2549582616d81e947
SHA256: 3f1ca6325d0d010843835f4bfaae308f7688ef8d797c7b95713a10719949306e
SHA512: a03a9538510546fe5a853308cbfaa215b700c710c033a6355f3e88519452f9e59ca4faf2b6812223826405882852bd8379ef1ca2ff24710e80ac5757736d6543
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3044 wrote to memory of 4664 | 3044 | rundll32.exe | 80
PID 3044 wrote to memory of 4664 | 3044 | rundll32.exe | 80
PID 3044 wrote to memory of 4664 | 3044 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f1ca6325d0d010843835f4bfaae308f7688ef8d797c7b95713a10719949306e.dll,#11
  Suspicious use of WriteProcessMemory
  PID:3044
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f1ca6325d0d010843835f4bfaae308f7688ef8d797c7b95713a10719949306e.dll,#12
  PID:4664