Analysis
- max time kernel: 277s
- max time network: 336s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/12/2022, 15:26
Static task
- static1
Behavioral task
- behavioral1
  Sample: adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444.dll
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444.dll
  Resource: win10v2004-20221111-en
General
- Target: adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444.dll
- Size: 724KB
- MD5: 2666f45bb2319c9ce5eea68ae0d8b770
- SHA1: 0bc3dc240ec1080c0617e43adbda384ec404e868
- SHA256: adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444
- SHA512: 2157e08f33a1da568c05efc77a8056f052fb6b21ca4fc2b9a259247aee6177d8463bce15b36e0294231de9131551ebe4fb5f9e6b6c5baab46cdbba07470007fa
- SSDEEP: 12288:vx4TiB0iVXEvOAy80AhOGISw2toWqaxCmIegYKjK2+VoWuTK4viejSDRmpYjqKl1:Z4w0zO20ActTpcCmILYKV+u9O4qZFIYb
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4228 wrote to memory of 3492 | 4228 | rundll32.exe | 80
  PID 4228 wrote to memory of 3492 | 4228 | rundll32.exe | 80
  PID 4228 wrote to memory of 3492 | 4228 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444.dll,#1
  PID: 4228
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\adf145d2deacf74b1e72096dd73c466f08d7b56d66b96e31f5527b149312b444.dll,#1
    PID: 3492