Analysis
max time kernel: 142s
max time network: 184s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/12/2022, 01:31
Static task: static1
Behavioral task: behavioral1
Sample: 6c724ceb0eb88208ee0b22814e79b79b34d131f6cb01b07f6c512b541a2940ef.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 6c724ceb0eb88208ee0b22814e79b79b34d131f6cb01b07f6c512b541a2940ef.dll
Resource: win10v2004-20221111-en
General
Target: 6c724ceb0eb88208ee0b22814e79b79b34d131f6cb01b07f6c512b541a2940ef.dll
Size: 42KB
MD5: 7c50a1aa29ceb12705b832c215b62025
SHA1: 03d37e45b2418c1301dc31184a3817011d5b90bc
SHA256: 6c724ceb0eb88208ee0b22814e79b79b34d131f6cb01b07f6c512b541a2940ef
SHA512: 68bf758031d152202364897b3f7c5b0ae69e561089116ca307c920064a9e3205ce152c6d2ae200610dd753cc75cdf2559f7d6d58df24e700fbf86c06a02f2f0c
SSDEEP: 768:ulAqQidiEgzdbkpjhWToENNqDKt76mr7TKttBro7PpPJdTWBnRECriM:aA/6bgzB0FENNqCFr7TKJroBLanREC/
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 656 wrote to memory of 1892 | 656 | rundll32.exe | 81
PID 656 wrote to memory of 1892 | 656 | rundll32.exe | 81
PID 656 wrote to memory of 1892 | 656 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c724ceb0eb88208ee0b22814e79b79b34d131f6cb01b07f6c512b541a2940ef.dll,#1
  PID: 656
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\6c724ceb0eb88208ee0b22814e79b79b34d131f6cb01b07f6c512b541a2940ef.dll,#1
    PID: 1892