Analysis
- max time kernel: 95s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/12/2022, 13:35
Static task: static1
Behavioral task: behavioral1
- Sample: af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8.dll
- Resource: win7-20220901-en
- 2 signatures
- 150 seconds
General
- Target: af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8.dll
- Size: 515KB
- MD5: 186cad2d3beace6bfc19b4f9711e3cd1
- SHA1: 6ef1c73e5d7aff93708357c3e29f1343e28ac475
- SHA256: af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8
- SHA512: daa5fdf4f5b5ef1b69552060f540d1ad69d412ab460749e3eb661acff9a4cbf1e8cd9655f11aadd0855943db96d86166ad07642eea50c9dbcd1f0e28ab440a81
- SSDEEP: 12288:QiV7WPiA6QqWItPRDvt3NvzeXk4bbn+7NSLvLR:t6iA6QqW+LCXkY+7N0LR
Malware Config
Signatures
- Checks whether UAC is enabled
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4772 wrote to memory of 1224 | 4772 | rundll32.exe | 78
  PID 4772 wrote to memory of 1224 | 4772 | rundll32.exe | 78
  PID 4772 wrote to memory of 1224 | 4772 | rundll32.exe | 78
Processes
- C:\Windows\system32\rundll32.exe (PID: 4772)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8.dll,#1
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\rundll32.exe (PID: 1224)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8.dll,#1
    - Checks whether UAC is enabled