Analysis
- max time kernel: 176s
- max time network: 192s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 03:59
Behavioral task: behavioral1
- Sample: 83af274ab36df536fae186a20d79f7ccdb9079b329144f6cdc2644682af72ac8.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 83af274ab36df536fae186a20d79f7ccdb9079b329144f6cdc2644682af72ac8.dll
- Resource: win10v2004-20221111-en
General
- Target: 83af274ab36df536fae186a20d79f7ccdb9079b329144f6cdc2644682af72ac8.dll
- Size: 65KB
- MD5: 0e237877ba672a193e8d0d6d837fa2bb
- SHA1: 51bf46882fa1f3e43fb9c8d6ecc61f20d0696db3
- SHA256: 83af274ab36df536fae186a20d79f7ccdb9079b329144f6cdc2644682af72ac8
- SHA512: 00f54060a9cbb2f7f6c1ef84507f93451324cbbad76e01499b47827224f39b8cc2e74eaa5dc8c44c0ff6fa2f0bbd691088a5ae9daa2b9a70e02c8883d5962553
- SSDEEP: 1536:ob8Vwn/MDIjdblgAMMGrRwqXGl/38DX7OwYzr2Rhd:oz/M8pEhXq/3crOw0rMhd
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3428 wrote to memory of 1192 | 3428 | rundll32.exe | 83
  PID 3428 wrote to memory of 1192 | 3428 | rundll32.exe | 83
  PID 3428 wrote to memory of 1192 | 3428 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\83af274ab36df536fae186a20d79f7ccdb9079b329144f6cdc2644682af72ac8.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:3428
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\83af274ab36df536fae186a20d79f7ccdb9079b329144f6cdc2644682af72ac8.dll,#1
    PID:1192