Analysis
- max time kernel: 92s
- max time network: 124s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 22:42
Static task: static1

Behavioral task: behavioral1
- Sample: 9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll
- Resource: win7-20221111-en
- 1 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll
- Resource: win10v2004-20220812-en
- 1 signatures
- 150 seconds
General
- Target: 9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll
- Size: 4KB
- MD5: ea35f854ca8a4588b63fc3157fb00d00
- SHA1: b4a6a9effda93834a493107b033f9b78e4e5d1aa
- SHA256: 9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f
- SHA512: 1acaeadd8e46dfd70f1ed67c7bc5059a9b1164a14b8f63b4f7202aa3f326dabbafe0dd87e88304d22ea757e484ef49fbcb220e52f27b90f1fb45b6441977f804

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 3992 wrote to memory of 1496 | 3992 | rundll32.exe | 25 |
| PID 3992 wrote to memory of 1496 | 3992 | rundll32.exe | 25 |
| PID 3992 wrote to memory of 1496 | 3992 | rundll32.exe | 25 |
Processes
- [1] C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll,#1
  - Suspicious use of WriteProcessMemory
  - PID: 3992
  - [2] C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9242e34c8d9dfe873d178e0f9cdb036aa7b729d32bc38d3e5a1a16a66b52fd2f.dll,#1
    - PID: 1496