Analysis
- max time kernel: 180s
- max time network: 230s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/12/2022, 01:28
Static task: static1
Behavioral task: behavioral1
- Sample: ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll
- Resource: win10v2004-20221111-en
General
- Target: ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll
- Size: 5KB
- MD5: 301fa924abb9fa0063aa8d711ff66f40
- SHA1: ca293f5b638c63f989fdeb6d5b8495c82e7b7b20
- SHA256: ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf
- SHA512: 536cdc8e62040df1c4e9f74f51ab6e16e8fa36742db212871973b8566c4e74fe78a63fb33e91aba44b9d2e822301732aad4bf16f145bdad2e912ad707e45a852
- SSDEEP: 96:nEY2RrF1eqwi4o9zTHs1Bg1e6/B2uHePW5XXbx:EHRh1eppodTMg1sDO
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                          | pid  | Process      | procid_target
  PID 1160 wrote to memory of 3576     | 1160 | rundll32.exe | 44
  PID 1160 wrote to memory of 3576     | 1160 | rundll32.exe | 44
  PID 1160 wrote to memory of 3576     | 1160 | rundll32.exe | 44

  All three IoCs describe the same edge: the 64-bit C:\Windows\system32\rundll32.exe (PID 1160) writing into the 32-bit C:\Windows\SysWOW64\rundll32.exe (PID 3576) that it spawned with an identical command line. A 64-bit rundll32.exe handed a 32-bit DLL re-launches the SysWOW64 copy with the same arguments, so this pattern is the expected WoW64 hand-off rather than evidence of injection into an unrelated process; the report records no other signature or extracted configuration for the #1 export call.
Processes
- C:\Windows\system32\rundll32.exe (PID 1160)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 3576)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll,#1
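As an added triage helper, not part of the Triage report or the sample, the following Python parses the flattened WriteProcessMemory IoC rows and the process tree from this report, collapses the duplicated rows, and decides whether each write targets the SysWOW64 rundll32.exe child that the 64-bit rundll32.exe itself launched with the same command line (the expected hand-off for a 32-bit DLL) or some other process. The IoC text, PIDs, images and command lines are copied from the page; the parent relation is read off the tree indentation, and the Proc record, the verdict labels and the explorer.exe case in the usage note are this example's own constructions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed input: the three IoC rows exactly as the report lists them
# (columns: description, pid, Process, procid_target, run together on one line each).
IOC_ROWS = """\
PID 1160 wrote to memory of 3576 1160 rundll32.exe 44
PID 1160 wrote to memory of 3576 1160 rundll32.exe 44
PID 1160 wrote to memory of 3576 1160 rundll32.exe 44
"""

DLL = (r"C:\Users\Admin\AppData\Local\Temp"
       r"\ef55aace14adba9d062a4ae30accfd11d7beef6e428c893e41c7eac072f22bbf.dll")


@dataclass(frozen=True)
class Proc:
    """One process-tree entry (this example's own record type)."""
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]


# Constructed from the report's process tree: 3576 is nested under 1160.
PROCESSES = {
    1160: Proc(1160, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1", None),
    3576: Proc(3576, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1", 1160),
}

# description | pid | Process | procid_target, as rendered on the page.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_ioc_rows(text):
    """Return unique (source_pid, target_pid, process_image, procid_target) rows."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        row = (int(m[1]), int(m[2]), m[4], int(m[5]))
        if row not in rows:          # the report repeats the same event three times
            rows.append(row)
    return rows


def classify_write(src, dst, procs):
    """Label a cross-process write using only what the process tree tells us."""
    s, d = procs.get(src), procs.get(dst)
    if s is None or d is None:
        return "unknown-process"
    is_handoff = (
        s.image.lower().endswith(r"\system32\rundll32.exe")
        and d.image.lower().endswith(r"\syswow64\rundll32.exe")
        and d.parent == src                                   # child of the writer
        and s.cmdline.lower() == d.cmdline.lower()            # same DLL, same export
    )
    return "wow64-handoff" if is_handoff else "cross-process-write"


def triage(text, procs):
    """Collapse duplicate IoC rows and attach a verdict to each unique write edge."""
    return [(src, dst, classify_write(src, dst, procs))
            for src, dst, _, _ in parse_ioc_rows(text)]


if __name__ == "__main__":
    for src, dst, verdict in triage(IOC_ROWS, PROCESSES):
        print(f"{src} -> {dst}: {verdict}")
```

For this report the three rows collapse to a single edge, 1160 to 3576, labelled wow64-handoff. A write from the same rundll32.exe into any other process, for example a constructed explorer.exe entry, would come back as cross-process-write and deserve a closer look at the DLL's export #1.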