Analysis

  • max time kernel
    276s
  • max time network
    332s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/12/2022, 03:43

General

  • Target

    db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll

  • Size

    72KB

  • MD5

    0fd76459845513e559bd44066adfc6a6

  • SHA1

    c0de5ad09ecea7c2a0317cd8f4898bc753cd8950

  • SHA256

    db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175

  • SHA512

    f8ae647609dfe72978e15476164d0a49af3ff6dca81637a020fddd89f4e2a746bc95085ee99660920fdfd77e6c9fe0cbb647b37a4c3d71d313a35bc3ace50087

  • SSDEEP

    1536:2hq93njDRSbSmvw37Wdp4ZTuBjSuwep0wKu/4DPhYmpUh:zpRSbSPK7guRpJKu/4DnpUh

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2128
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\db0d751c866bb1592efc614244fd0b7bf149ca56a014ef1a8949d3a7600ac175.dll,#1
      2⤵
        PID:1392

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1392-133-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB