Analysis
max time kernel: 154s
max time network: 159s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/12/2022, 03:34
Behavioral task
behavioral1
Sample
c88272c918c8e9d0b1f6859a7629440a180ca9a5333a27ad050597050d79e293.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
c88272c918c8e9d0b1f6859a7629440a180ca9a5333a27ad050597050d79e293.dll
Resource
win10v2004-20220812-en
General
Target: c88272c918c8e9d0b1f6859a7629440a180ca9a5333a27ad050597050d79e293.dll
Size: 62KB
MD5: 5b038ce625bbe73e38f948b6e851d9ab
SHA1: 8355a1931b57844fbffba8da2a5b7679e752b3d8
SHA256: c88272c918c8e9d0b1f6859a7629440a180ca9a5333a27ad050597050d79e293
SHA512: 507d70d63598d15647327a024fced824cbc4ff0904e0527557c229edffe40e354878f90afc746e1538b2a50a5ab5b3b2ea14f6bbcb5e065f400d7c79848a11e9
SSDEEP: 1536:RVEzKE93UqnTOp7r8pdlkngX9Vlfu0mUb/Kw3kF+QZo5LlT:TEZ9vTer8pEgBdFbCw0kQZgT
Malware Config
Signatures
resource: behavioral2/memory/3952-133-0x0000000010000000-0x000000001000D000-memory.dmp
yara_rule: upx

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2760 wrote to memory of 3952 | 2760 | rundll32.exe | 81
PID 2760 wrote to memory of 3952 | 2760 | rundll32.exe | 81
PID 2760 wrote to memory of 3952 | 2760 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c88272c918c8e9d0b1f6859a7629440a180ca9a5333a27ad050597050d79e293.dll,#1
  PID: 2760
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c88272c918c8e9d0b1f6859a7629440a180ca9a5333a27ad050597050d79e293.dll,#1
    PID: 3952