Analysis
max time kernel
177s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags
arch:x64 arch:x86 image:win10v2004-20221111-en locale:en-us os:windows10-2004-x64 system
submitted
04/12/2022, 05:28
Static task
static1
Behavioral task
behavioral1
Sample
86801d07c942317f6b1b07d1be84c2c0f11d88f192f29d5268309f81b01e11fe.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
86801d07c942317f6b1b07d1be84c2c0f11d88f192f29d5268309f81b01e11fe.dll
Resource
win10v2004-20221111-en
General
Target
86801d07c942317f6b1b07d1be84c2c0f11d88f192f29d5268309f81b01e11fe.dll
Size
24KB
MD5
ee053581dc8ed58b9c365f46b6b8f038
SHA1
f79005438f682f2cf6f7634f02674fe8fbd3b3fb
SHA256
86801d07c942317f6b1b07d1be84c2c0f11d88f192f29d5268309f81b01e11fe
SHA512
b03f286896bd192d7c83de4870929616c9c3df24176b983c1108bff08a5968473b324b1d33ddc3eac65b2c47c8432fc2a22bf2e93a4cb4716a7c1d50c19fed2e
SSDEEP
192:rlmS9xWaWvd+YlSSDQ2sqImrcjjiWS1MhNP1TRl:rlmcWNd+YlSSDBsqITjeWS1MhNPl
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 3424 wrote to memory of 444    3424   rundll32.exe   82
PID 3424 wrote to memory of 444    3424   rundll32.exe   82
PID 3424 wrote to memory of 444    3424   rundll32.exe   82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\86801d07c942317f6b1b07d1be84c2c0f11d88f192f29d5268309f81b01e11fe.dll,#1
Suspicious use of WriteProcessMemory
PID:3424
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\86801d07c942317f6b1b07d1be84c2c0f11d88f192f29d5268309f81b01e11fe.dll,#1
    PID:444