Analysis
- max time kernel: 201s
- max time network: 260s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 22:38
Static task: static1
Behavioral task: behavioral1
- Sample: 9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a.dll
- Resource: win10v2004-20221111-en
General
- Target: 9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a.dll
- Size: 6KB
- MD5: ea6090b14744f3a1eb20e9891c783030
- SHA1: 3cdd01aa9d316680e94d8282f8f78044eda6b6b8
- SHA256: 9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a
- SHA512: 5134c695408eca984079a8d16134fecc486507dcc5baf75a734dec1f60c86337bdedb6698eb9e346358bc8457fbc48dacc0f8d1eaf9e3d2830cd5b822ef7ee56
- SSDEEP: 96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniROeLTuIHMEoFcoOYOV8DGrEIp:YXXfuEoFcoOaDG5
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4248 wrote to memory of 4304 | 4248 | rundll32.exe | 80
  PID 4248 wrote to memory of 4304 | 4248 | rundll32.exe | 80
  PID 4248 wrote to memory of 4304 | 4248 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4248
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b69546e04e2c736257c2626ea14204db51fec1fdc4919034b80dd83c6c26e5a.dll,#1
    PID: 4304