Analysis
- max time kernel: 102s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 00:02
Static task: static1
Behavioral task: behavioral1
- Sample: 9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d.dll
- Resource: win10v2004-20220812-en
General
- Target: 9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d.dll
- Size: 27KB
- MD5: e674fc01c9972650c301861415c18460
- SHA1: 5265a42d368b208f10b14efab1ef5cb02d44d230
- SHA256: 9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d
- SHA512: d6f7c43da1b57f08d7683e50b71fa90a4996cf48f115dd4cfc479b9272370ec90e6bbeb94f8fed76050ea35dd0f56b3c3eb1cc5e95335542cbb3ace333a64ec7
- SSDEEP: 384:1/yASy0m2N4tlJQNPi20Q/IdPc8zuP/qQbDOJBpbmXwkIvuwHjCYe:S0lJwPi5Q/IVZu3qVmf2e
Malware Config
Signatures
- Blocklisted process makes network request (64 IoCs)
  flow | pid | Process
  Flows 17-30 and 34-83 (64 flows in total), all from pid 4532, rundll32.exe
- Sets service image path in registry (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\4054361749\ImagePath = "\\systemroot\\4054361749" | rundll32.exe
- Suspicious behavior: LoadsDriver (1 IoC)
  pid | Process
  4532 | rundll32.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | Process
  Token: SeLoadDriverPrivilege | 4532 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 384 wrote to memory of 4532 | 384 | rundll32.exe | 81
  PID 384 wrote to memory of 4532 | 384 | rundll32.exe | 81
  PID 384 wrote to memory of 4532 | 384 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe (PID: 384)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d.dll,#1
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\rundll32.exe (PID: 4532)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c7c1b3efe6383c3ffd283f74bb44149eaf408e79ac3f0775925d63d8765255d.dll,#1
    - Blocklisted process makes network request
    - Sets service image path in registry
    - Suspicious behavior: LoadsDriver
    - Suspicious use of AdjustPrivilegeToken