Analysis
max time kernel: 149s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/12/2022, 03:51
Behavioral task: behavioral1
Sample: ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll
Resource: win10v2004-20220812-en
General
Target: ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll
Size: 76KB
MD5: 37826c72b1b133533bbb422b35b8e17e
SHA1: 1a662f80121414fcaf73a7028456f74bb5a8acc6
SHA256: ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace
SHA512: 449ec87129b7442a9697855f4aa1cc1ec63fce59f7a33b09413666a1b86beafe377ce7c079f88b3cc34f82e6d1974463b795b7567316b53028fb5bb27750837f
SSDEEP: 1536:Mq/JmJSP635twGuOivzH6y47fnXqcEzEhjfY:z/JmJSPACjqrqVmjg
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1580 wrote to memory of 1176 | 1580 | rundll32.exe | 81
PID 1580 wrote to memory of 1176 | 1580 | rundll32.exe | 81
PID 1580 wrote to memory of 1176 | 1580 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll,#1
  PID: 1580
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll,#1
    PID: 1176