Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
131s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system -
submitted
02/12/2022, 19:15
Behavioral task
behavioral1
Sample
321010fa19bb0ee448e07791efa9f461ec71f02e1d05d7c0f52c5da9ef02b7eb.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
321010fa19bb0ee448e07791efa9f461ec71f02e1d05d7c0f52c5da9ef02b7eb.dll
Resource
win10v2004-20220812-en
General
-
Target
321010fa19bb0ee448e07791efa9f461ec71f02e1d05d7c0f52c5da9ef02b7eb.dll
-
Size
56KB
-
MD5
6c6508ec98d52678975e9ac861191ee0
-
SHA1
3447eaf3438aa58fefc4f09f762ab6d14eb6ca45
-
SHA256
321010fa19bb0ee448e07791efa9f461ec71f02e1d05d7c0f52c5da9ef02b7eb
-
SHA512
9018c668f164ff1eb9c1cef356590245827eb2034df8e2d9b2b21763fc7c7c633e75a5bfac79665bc5f2ddd2b587ed5e90a0646f9df2dcfb3f1e07ef742c0102
-
SSDEEP
1536:n7ZLNPp9pZBM/WYtPeOWwTgZH330lBC6JWguffYYC:7ZppP0PfBdHJWgufAYC
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1436 wrote to memory of 4372 1436 rundll32.exe 79 PID 1436 wrote to memory of 4372 1436 rundll32.exe 79 PID 1436 wrote to memory of 4372 1436 rundll32.exe 79
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\321010fa19bb0ee448e07791efa9f461ec71f02e1d05d7c0f52c5da9ef02b7eb.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1436 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\321010fa19bb0ee448e07791efa9f461ec71f02e1d05d7c0f52c5da9ef02b7eb.dll,#12⤵PID:4372
-