Analysis
max time kernel: 96s
max time network: 163s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/12/2022, 21:52
Static task: static1
Behavioral task: behavioral1
Sample: 905c3d8c64218cf62c0c78fe65e0bce7d61ab68f164acb8cb521869b50f2f520.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 905c3d8c64218cf62c0c78fe65e0bce7d61ab68f164acb8cb521869b50f2f520.dll
Resource: win10v2004-20220901-en
General
Target: 905c3d8c64218cf62c0c78fe65e0bce7d61ab68f164acb8cb521869b50f2f520.dll
Size: 6KB
MD5: df835aa09d4d88b7dfb1b62a6296e920
SHA1: ef6fd1fedcd6c1432d5cfa7648b2328c50d967a7
SHA256: 905c3d8c64218cf62c0c78fe65e0bce7d61ab68f164acb8cb521869b50f2f520
SHA512: 88baec9742173fba96167f0b70235bf403b38715f4421ed1f1803fb98daaa5918d0843369c7f38975682af78bae69d8c219b3cf0510bebe6e6064cc5b40e99b7
SSDEEP: 96:nEY2RrF1eqwi4NQvcQqM3BwiQYFY7OJDxT4oy9W3OWE5s3PfJT:EHRh1eppuvcQqM3ZbCT9W3OWEEt
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3144 wrote to memory of 4324 | 3144 | rundll32.exe | 76
PID 3144 wrote to memory of 4324 | 3144 | rundll32.exe | 76
PID 3144 wrote to memory of 4324 | 3144 | rundll32.exe | 76
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\905c3d8c64218cf62c0c78fe65e0bce7d61ab68f164acb8cb521869b50f2f520.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 3144
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\905c3d8c64218cf62c0c78fe65e0bce7d61ab68f164acb8cb521869b50f2f520.dll,#1
    PID: 4324