Analysis
  max time kernel:  154s
  max time network: 182s
  platform:         windows10-2004_x64
  resource:         win10v2004-20221111-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        03/12/2022, 17:48
Static task: static1
Behavioral task: behavioral1
  Sample:   763ec02575a06d3d5b22a19e75995698cb1a5b83b7d5f3d52f5f050a461e8c54.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample:   763ec02575a06d3d5b22a19e75995698cb1a5b83b7d5f3d52f5f050a461e8c54.dll
  Resource: win10v2004-20221111-en
General
  Target: 763ec02575a06d3d5b22a19e75995698cb1a5b83b7d5f3d52f5f050a461e8c54.dll
  Size:   79KB
  MD5:    32199da119198eab7feabfa98bfa1640
  SHA1:   17b7b2cdb0a6556efcad6db120480f1887d5c318
  SHA256: 763ec02575a06d3d5b22a19e75995698cb1a5b83b7d5f3d52f5f050a461e8c54
  SHA512: 50aa6951ee08a55b1c971f272ff2ae87539c27118060ca1f8fbfef0637ccea1273e0c76ab64f9bd7f8bcd77f1f33e2eb71d7402fc824cf23e771f65525ee0426
  SSDEEP: 1536:wuHoRJlJbT8eox2Icm+cHoI6bUjC8ckM7mRq7lvyU5Bf4pv1/mtTf2:w5J7q2IKY64jtcD7con7f4yh2
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (56 IoCs)
  pid   Process
  3404  rundll32.exe    (all 56 entries are this same pid/process)

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 4416 wrote to memory of 3404   4416  rundll32.exe  83
  PID 4416 wrote to memory of 3404   4416  rundll32.exe  83
  PID 4416 wrote to memory of 3404   4416  rundll32.exe  83
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\763ec02575a06d3d5b22a19e75995698cb1a5b83b7d5f3d52f5f050a461e8c54.dll,#1
   PID: 4416
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 4416)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\763ec02575a06d3d5b22a19e75995698cb1a5b83b7d5f3d52f5f050a461e8c54.dll,#1
      PID: 3404
      Signatures: Suspicious behavior: EnumeratesProcesses