Analysis
- max time kernel: 148s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 22:16
Static task: static1
Behavioral task: behavioral1
- Sample: d62d5d244133c6866babc16adc1cb55964f97b26220a0b0b0754a53e9cdf2cd2.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: d62d5d244133c6866babc16adc1cb55964f97b26220a0b0b0754a53e9cdf2cd2.dll
- Resource: win10v2004-20221111-en
General
- Target: d62d5d244133c6866babc16adc1cb55964f97b26220a0b0b0754a53e9cdf2cd2.dll
- Size: 6KB
- MD5: e0a22de5bf418cb3027f87830a2074b0
- SHA1: 352be0f942b2361b49414a119d7914b486b9eef1
- SHA256: d62d5d244133c6866babc16adc1cb55964f97b26220a0b0b0754a53e9cdf2cd2
- SHA512: 28fcc99e55ac5101e46ed3a518989fd48a78e13a7a9c8b6838000b33d3602ddbf59cb7af519cabe390b38bf1292451229eceb01fe2ccf13d1f15ceb21e934242
- SSDEEP: 96:z0QR9B6BvAwbIJS6xCw5zo6snaEto+gd2WoO8:JR94/bUbzsn/jt
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Columns: description; pid; Process; procid_target
  - PID 4648 wrote to memory of 4584; 4648; rundll32.exe; 83
  - PID 4648 wrote to memory of 4584; 4648; rundll32.exe; 83
  - PID 4648 wrote to memory of 4584; 4648; rundll32.exe; 83
Processes
- C:\Windows\system32\rundll32.exe (process tree level 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d62d5d244133c6866babc16adc1cb55964f97b26220a0b0b0754a53e9cdf2cd2.dll,#1
  PID: 4648
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (process tree level 2)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d62d5d244133c6866babc16adc1cb55964f97b26220a0b0b0754a53e9cdf2cd2.dll,#1
    PID: 4584