Analysis
- max time kernel: 216s
- max time network: 325s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/12/2022, 02:02
Static task: static1

Behavioral task: behavioral1
- Sample: afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5.dll
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5.dll
- Resource: win10v2004-20221111-en
General
- Target: afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5.dll
- Size: 5KB
- MD5: c0fd4e78e8b59f3f8717788c1c6d6fa0
- SHA1: 695a637f587d0c1b4c7bfac324b09078f0b4dc09
- SHA256: afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5
- SHA512: 241f1bd170ef8559e41772843ee65638d844e44db51ce3bc4e4a8fbcb3683a8b33d31a8a706c586e85ddc2213763f3ce5b6b94d8505b1dfa8b116e8327fcedf9
- SSDEEP: 48:a5zdM1cSTBg0r27vTuAEKm9TffzpsNAz9y5SadOY8yw/uTAZTnHUR3Ehd:PT3r2vu9F9TfVgAzmmY8g09oEhd
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 864 wrote to memory of 1772 | 864 | rundll32.exe | 81
  PID 864 wrote to memory of 1772 | 864 | rundll32.exe | 81
  PID 864 wrote to memory of 1772 | 864 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5.dll,#12
  PID: 1772