Analysis
- max time kernel: 112s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 21:42
Static task: static1
Behavioral task: behavioral1
- Sample: fc21472e3654df6b74ab98e28835f2ad860a6178a5ff644bbebbea03804aed92.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: fc21472e3654df6b74ab98e28835f2ad860a6178a5ff644bbebbea03804aed92.dll
- Resource: win10v2004-20220901-en
General
- Target: fc21472e3654df6b74ab98e28835f2ad860a6178a5ff644bbebbea03804aed92.dll
- Size: 17KB
- MD5: 29b63d46118e8425169f2c0336ec497f
- SHA1: 03502d2cd5e09c9a217afdfbd6694c660d08befd
- SHA256: fc21472e3654df6b74ab98e28835f2ad860a6178a5ff644bbebbea03804aed92
- SHA512: caff2d958525a01155a6dc3a86a339f75ee65f14fdc634b7fdd9a5d02610d0cbb50fe6257d09c835b68d1758dc2383f53bc6edf62265792280050d9bd067aa4e
- SSDEEP: 192:nDqeRwdb3enG2RxnSGzTcb7dYMnW0TYxm2pXEz4JWaULI7kbSHkFQc3psZ/Q99gS:DqzdeGQ/TcFPnW0wp0tekWo5s5eGZvXI
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 5040 wrote to memory of 4980 | 5040 | rundll32.exe | 62
  PID 5040 wrote to memory of 4980 | 5040 | rundll32.exe | 62
  PID 5040 wrote to memory of 4980 | 5040 | rundll32.exe | 62
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc21472e3654df6b74ab98e28835f2ad860a6178a5ff644bbebbea03804aed92.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID: 5040
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc21472e3654df6b74ab98e28835f2ad860a6178a5ff644bbebbea03804aed92.dll,#12⤵
    PID: 4980