Analysis
max time kernel
240s
max time network
260s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted
03/12/2022, 11:16
Behavioral task
behavioral1
Sample
eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll
Resource
win10v2004-20221111-en
General
Target
eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll
Size
16KB
MD5
bb60cb1009b0795a1066eeebe1dc00e0
SHA1
0ac5608cdfc542869cb48a151c201e65e1b1c7e0
SHA256
eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a
SHA512
61dcf15c5fb686969bd1cf054031eff58bb685ed0ef0e70209a77a27978c4ff02e1197a7a8a252daa7cdefafb77b6852a08bbadc3012fab08c0fb8e676a8c016
SSDEEP
384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSAps:KfAzBco0TAK8dEVSvGzzW
Malware Config
Signatures
| resource | yara_rule |
| --- | --- |
| behavioral2/memory/2140-133-0x0000000010000000-0x000000001000F000-memory.dmp | upx |
| behavioral2/memory/2140-134-0x0000000010000000-0x000000001000F000-memory.dmp | upx |
Suspicious use of WriteProcessMemory 3 IoCs
| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1656 wrote to memory of 2140 | 1656 | rundll32.exe | 80 |
| PID 1656 wrote to memory of 2140 | 1656 | rundll32.exe | 80 |
| PID 1656 wrote to memory of 2140 | 1656 | rundll32.exe | 80 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll,#1
  PID: 1656
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll,#1
    PID: 2140