Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
276s -
max time network
332s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
03/12/2022, 03:43
Behavioral task
behavioral1
Sample
db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll
Resource
win10v2004-20221111-en
General
-
Target
db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll
-
Size
72KB
-
MD5
0fd76459845513e559bd44066adfc6a6
-
SHA1
c0de5ad09ecea7c2a0317cd8f4898bc753cd8950
-
SHA256
db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175
-
SHA512
f8ae647609dfe72978e15476164d0a49af3ff6dca81637a020fddd89f4e2a746bc95085ee99660920fdfd77e6c9fe0cbb647b37a4c3d71d313a35bc3ace50087
-
SSDEEP
1536:2hq93njDRSbSmvw37Wdp4ZTuBjSuwep0wKu/4DPhYmpUh:zpRSbSPK7guRpJKu/4DnpUh
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/1392-133-0x0000000010000000-0x000000001000E000-memory.dmp upx -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2128 wrote to memory of 1392 2128 rundll32.exe 80 PID 2128 wrote to memory of 1392 2128 rundll32.exe 80 PID 2128 wrote to memory of 1392 2128 rundll32.exe 80
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2128 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll,#12⤵PID:1392
-