Analysis
- max time kernel: 72s
- max time network: 136s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 21:52
Static task: static1
Behavioral task: behavioral1
- Sample: 985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll
- Resource: win10v2004-20220812-en
General
- Target: 985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll
- Size: 6KB
- MD5: bec62af7bb0931311b6d9d86c5900db0
- SHA1: f7b26fe3db6d30bd7520a47fb9f8ae913189714b
- SHA256: 985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732
- SHA512: f0ecd1ff533e00bdf986dff1ae9bc42987189f898f16f03376ba6c3cfe895562b0ab739155ff50acf4bf658ac3dff352b22443d6679e4ce6c0b0a40179ede66c
- SSDEEP: 96:nEY2RrF1eqwi4dyR3gCZ92XhhCF15C+pJkxEyvMt:EHRh1eppcRwCqeL5C8kmyvMt
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2328 wrote to memory of 4896 | 2328 | rundll32.exe | 80
  PID 2328 wrote to memory of 4896 | 2328 | rundll32.exe | 80
  PID 2328 wrote to memory of 4896 | 2328 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll,#1
  PID: 2328
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll,#1
    PID: 4896