Analysis
- max time kernel: 131s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/12/2022, 02:07
Static task: static1
Behavioral task: behavioral1
- Sample: 89ef19bb6504c6b1db47b9213ddbef098e08a81aeda105e3fa074d55332d5ff2.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 89ef19bb6504c6b1db47b9213ddbef098e08a81aeda105e3fa074d55332d5ff2.dll
- Resource: win10v2004-20220812-en
General
- Target: 89ef19bb6504c6b1db47b9213ddbef098e08a81aeda105e3fa074d55332d5ff2.dll
- Size: 224KB
- MD5: a52284384c88204a9db65b39c1469880
- SHA1: edbe103a61ea9dea91cc092d18705d13f0e8d166
- SHA256: 89ef19bb6504c6b1db47b9213ddbef098e08a81aeda105e3fa074d55332d5ff2
- SHA512: 557390ac0aeeb1f25f4f0d474026b5612012dd048410ceaac76b75c0d29fb7c1c03b38719850d9100a3acad74f57d59ba589cda4042e2128310d42058ce52e92
- SSDEEP: 3072:skONwyLv/ENXtvH5NXO6HXaaURuvbeYHxnSBHd1DV73Db1Pu2NiApRw9pI0RrKqi:skO28U5NOWXaaUunGdFdDbJpe9nffq
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2820 wrote to memory of 3136 | 2820 | rundll32.exe | 78
  PID 2820 wrote to memory of 3136 | 2820 | rundll32.exe | 78
  PID 2820 wrote to memory of 3136 | 2820 | rundll32.exe | 78
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\89ef19bb6504c6b1db47b9213ddbef098e08a81aeda105e3fa074d55332d5ff2.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 2820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\89ef19bb6504c6b1db47b9213ddbef098e08a81aeda105e3fa074d55332d5ff2.dll,#12⤵
  PID: 3136