Analysis
max time kernel: 90s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/12/2022, 18:21
Static task: static1
Behavioral task: behavioral1
  Sample: bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll
  Resource: win10v2004-20220901-en
General
Target: bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll
Size: 48KB
MD5: 22fda62b6ec4809f9537f54883f51812
SHA1: 58c5272f9aa01d8c6e119fe70d6064affebf6a8b
SHA256: bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9
SHA512: 83e5ba8b671cc0bc1834e13baae105afd60e679f57da577226fa2f66939590e0ca2f27982ec597f79b0888efaf49a120fd675da10773c0463cbd6e4e9a5ae4db
SSDEEP: 768:AWt01kvd3EK+XuNY5yas6hrBygBtFn5B9FNERvsDPf08EMY6wQOZq0FuZ8:/Qkh1++GK6hsgn5B9b9P8MYrQOZq+u6
Malware Config
(none extracted)

Signatures

Drops file in System32 directory (2 IoCs)
description                  | ioc                                | Process
File opened for modification | C:\Windows\SysWOW64\tiyipubu.dll   | rundll32.exe
File opened for modification | C:\Windows\SysWOW64\bapoluri       | rundll32.exe

Suspicious use of SetWindowsHookEx (2 IoCs)
pid  | Process
4828 | rundll32.exe
4828 | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                       | pid  | Process      | procid_target
PID 4864 wrote to memory of 4828  | 4864 | rundll32.exe | 80
PID 4864 wrote to memory of 4828  | 4864 | rundll32.exe | 80
PID 4864 wrote to memory of 4828  | 4864 | rundll32.exe | 80
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4864

    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd12ab6ca5485de129664a2a2af7193f98525e7eab35b4e23d0a3c82a4c5bea9.dll,#1
      - Drops file in System32 directory
      - Suspicious use of SetWindowsHookEx
      PID: 4828