Analysis
max time kernel: 184s
max time network: 196s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/12/2022, 20:18
Static task: static1
Behavioral task: behavioral1
  Sample: 7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: 7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll
  Resource: win10v2004-20220812-en
General
Target: 7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll
Size: 265KB
MD5: 1b92dff6e50923989cd4cc571bff36c0
SHA1: fc522e97f3412aad662adbb176d6a4410980cd2f
SHA256: 7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14
SHA512: 9bbd2128c3a28bfe43dadb6e43239177737264442d3ee04e59200f1140257bad28438a14385ab5ca2e3c9c84864be3954ad941898da8e399640687fff2f317d1
SSDEEP: 3072:pXWocFC1dE4QrTA7OWSgiUCUf9MWVy2dxMvFO4PDlohs:pXWozdJNV5MNHPxoh
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                      pid   Process       procid_target
PID 5004 wrote to memory of 3640 5004  rundll32.exe  73
PID 5004 wrote to memory of 3640 5004  rundll32.exe  73
PID 5004 wrote to memory of 3640 5004  rundll32.exe  73
Processes
C:\Windows\system32\rundll32.exe (PID 5004)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  Child process:
    C:\Windows\SysWOW64\rundll32.exe (PID 3640)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll,#1