Analysis
max time kernel: 146s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/12/2022, 06:52
Static task: static1
Behavioral task: behavioral1
Sample: b5cc3073a9747191f5592efdb8cba04f1f5bba3945ce97d2c611e87006fbc72a.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: b5cc3073a9747191f5592efdb8cba04f1f5bba3945ce97d2c611e87006fbc72a.dll
Resource: win10v2004-20220812-en
General
Target: b5cc3073a9747191f5592efdb8cba04f1f5bba3945ce97d2c611e87006fbc72a.dll
Size: 137KB
MD5: 3c33e72cff3990e88a18632d5c198d50
SHA1: 2ec40beaaa72c7e8d655fadd7204267a952d3a4a
SHA256: b5cc3073a9747191f5592efdb8cba04f1f5bba3945ce97d2c611e87006fbc72a
SHA512: 15d8515011c4f8fcf49788adcc5e5f4d91e1847772013be1a483596ba0d480596474681d9bfe6079ffefe5bfcbfaa25593531cdadc3ce2e1794dc0e7d6a8b1f3
SSDEEP: 3072:K8wA0TMD5Dqg0yN1nvAANSw8ltWoihGCyMOLySWst+fXx30ILj:K8w6D4Kotup0LWI+fd
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2620 wrote to memory of 4248 | 2620 | rundll32.exe | 80
PID 2620 wrote to memory of 4248 | 2620 | rundll32.exe | 80
PID 2620 wrote to memory of 4248 | 2620 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5cc3073a9747191f5592efdb8cba04f1f5bba3945ce97d2c611e87006fbc72a.dll,#1
  PID: 2620
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5cc3073a9747191f5592efdb8cba04f1f5bba3945ce97d2c611e87006fbc72a.dll,#1
    PID: 4248