Analysis
- max time kernel: 145s
- max time network: 185s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/12/2022, 06:06
Static task
- static1

Behavioral task
- behavioral1
  - Sample: e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785.dll
  - Resource: win7-20221111-en

Behavioral task
- behavioral2
  - Sample: e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785.dll
  - Resource: win10v2004-20220812-en
General
- Target: e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785.dll
- Size: 268KB
- MD5: d6c72674ba8bb9ef8d06bb06121f2c40
- SHA1: 96f755228b2d4484f6aa90a8d6ff0df22c411edb
- SHA256: e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785
- SHA512: 02f37f24c8cd4528ec8f09bddee5d59e9f0caf8fa54ddd3045b99f79f6c5afc87eadf8d2919b8069f058e6b724aa629c7c3851e02347e86e14b833e03cc94f39
- SSDEEP: 6144:pI0bZNAe5gt6qJBnvFomdVf4ZH327jYM8rSddwA:pjTA6ggqJBOJm7M/rTA
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 1 IoC)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1576 wrote to memory of 5012 | 1576 | rundll32.exe | 78
  PID 1576 wrote to memory of 5012 | 1576 | rundll32.exe | 78
  PID 1576 wrote to memory of 5012 | 1576 | rundll32.exe | 78
Processes
- C:\Windows\system32\rundll32.exe (tree depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785.dll,#1
  PID: 1576
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (tree depth 2, child of PID 1576)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e528dda3c969fea3e808186519400ea22c0f4d9a04ddbacbd6648471da7f7785.dll,#1
    PID: 5012
    - Enumerates system info in registry