Analysis
- max time kernel: 150s
- max time network: 178s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02/12/2022, 18:33
Static task: static1
Behavioral task: behavioral1
- Sample: 61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649.dll
- Resource: win10v2004-20221111-en
General
- Target: 61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649.dll
- Size: 1.1MB
- MD5: c0ca412dfc68dc4e798b69d641c3937b
- SHA1: 7d1444b0f9c8144e36296647d3be94b87eb2d4a6
- SHA256: 61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649
- SHA512: eb5c7088954e0395bdbef9545abacda6150e631c2c6a32196a9136952ff38270b879bd8c51ecc70b288487c136e34e37bfa0e1e715924f88e1e8419a83c5f166
- SSDEEP: 24576:9yj5/Ex4BRW38y2wWm5LP+7c5VoV/OQm2xSy:9yjxoIW38y25m5LgRWQm27
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1536 wrote to memory of 4752 | 1536 | rundll32.exe | 83
  PID 1536 wrote to memory of 4752 | 1536 | rundll32.exe | 83
  PID 1536 wrote to memory of 4752 | 1536 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61d0bd44b2ca8157d824f3b72ba23b3c2e047e7f248e82714d5b831a23574649.dll,#12⤵
  PID:4752