Analysis
- max time kernel: 311s
- max time network: 414s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/12/2022, 01:56
Static task: static1
Behavioral task: behavioral1
- Sample: bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42.dll
- Resource: win10v2004-20221111-en
General
- Target: bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42.dll
- Size: 360KB
- MD5: cbf7ecdb67a7d9978614c997de2a22f0
- SHA1: 6eada85f28ce4477e57e4446863d5ba2f4883dfa
- SHA256: bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42
- SHA512: 38960622e00177ab101c147d5b1989ea961802a7917f16f7f14a92889ad3bba17822c461e617ef491e688f484374c4b06b198dd72f1a48391745044e11a1b551
- SSDEEP: 6144:TdoSityBcrECwzKPmMOSF1ck5zxwJdJnM0tt:hhOa7Cwve1c4WJMat
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3140 wrote to memory of 4764 | 3140 | rundll32.exe | 32
  PID 3140 wrote to memory of 4764 | 3140 | rundll32.exe | 32
  PID 3140 wrote to memory of 4764 | 3140 | rundll32.exe | 32
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42.dll,#1
  Suspicious use of WriteProcessMemory
  PID:3140
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42.dll,#1
    PID:4764