Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    95s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 13:35

General

  • Target

    af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8.dll

  • Size

    515KB

  • MD5

    186cad2d3beace6bfc19b4f9711e3cd1

  • SHA1

    6ef1c73e5d7aff93708357c3e29f1343e28ac475

  • SHA256

    af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8

  • SHA512

    daa5fdf4f5b5ef1b69552060f540d1ad69d412ab460749e3eb661acff9a4cbf1e8cd9655f11aadd0855943db96d86166ad07642eea50c9dbcd1f0e28ab440a81

  • SSDEEP

    12288:QiV7WPiA6QqWItPRDvt3NvzeXk4bbn+7NSLvLR:t6iA6QqW+LCXkY+7N0LR

Score
6/10

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4772
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\af50983e0b867fd66ae23eaed25c457e7ba6df5274da2ec3942229c294b8b1c8.dll,#1
      2⤵
      • Checks whether UAC is enabled
      PID:1224

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads