Analysis
max time kernel: 122s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/12/2022, 00:02
Static task
static1
Behavioral task
behavioral1
Sample
ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb.dll
Resource
win10v2004-20220901-en
General
Target: ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb.dll
Size: 5KB
MD5: 5c1a32385e2b9ca5ddfb88b57703cea0
SHA1: 312fc3b8f840b772942499b04fe84bf260a45d85
SHA256: ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb
SHA512: f4276f8bd5a579ab9db82c38b603d1a594962476c779d03d3fe1c54f781c724115931e437d5753d5b328e3bf631026e81e54ebb7e9a9d0540f8a78e728bfeaf3
SSDEEP: 48:q0aaPO8jGSLIv+Tqq7NqrhWR07iIsitl6YtDytJFgOrnsB/SsyomXr6Smucra:1h9jTqMMrY0OI/KYyznSMeSmuj
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| PID 2084 wrote to memory of 2632 | 2084 | rundll32.exe | 81 |
| PID 2084 wrote to memory of 2632 | 2084 | rundll32.exe | 81 |
| PID 2084 wrote to memory of 2632 | 2084 | rundll32.exe | 81 |
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb.dll,#1
  PID: 2084
  Signature: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb.dll,#1
    PID: 2632