Analysis
- max time kernel: 149s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 22:14 UTC
Static task
- static1
Behavioral task
- behavioral1
  Sample: da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d.dll
  Resource: win7-20220812-en
  1 signature
  150 seconds
Behavioral task
- behavioral2
  Sample: da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d.dll
  Resource: win10v2004-20220812-en
  1 signature
  150 seconds
General
- Target: da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d.dll
- Size: 4KB
- MD5: aae6f82733fd37acaeb90965bdd33190
- SHA1: d90d4f1a4277a9c45f45cddbcd10bd87e34ea299
- SHA256: da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d
- SHA512: 1bb741e845a9085866f26e2d54830be7ce7c7dd8cd24cb5432b34f410a4e635ef58a696650fdd346144b5cd683cf1cdcb1b2f7d9def1d3cbb5b4a58c4d4d3c16
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1436 wrote to memory of 2120 | 1436 | rundll32.exe | 79
  PID 1436 wrote to memory of 2120 | 1436 | rundll32.exe | 79
  PID 1436 wrote to memory of 2120 | 1436 | rundll32.exe | 79
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d.dll,#1
  PID: 1436
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\da0b9754dd0eca2550c12947b1bb1dfffd650037c4d7981986b16b33d160b30d.dll,#1
    PID: 2120
Network
- Remote address: 8.8.8.8:53
  Request: 226.101.242.52.in-addr.arpa IN PTR
  Response