Analysis
max time kernel: 140s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/12/2022, 07:12
Static task: static1

Behavioral task: behavioral1
Sample: beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll
Resource: win10v2004-20220812-en
General
Target: beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll
Size: 1.7MB
MD5: d74f4d2e1176200a498964c218c04dfa
SHA1: 1a0354245c05eaf21bca5654f1a01ab69d1af31e
SHA256: beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b
SHA512: 51b1674707ac85bf1a1b2af02cd09865da112c8d57b11d46503139725105d468ee36ad26b7165091d52f8be897a43de93d3211b29e4ec802479435331b2b5a1c
SSDEEP: 49152:84ba5FtOFbrFNjW3zrIhJQbUzdqoc+17D27NFOxa9ejp/g:xYb0FNjW34+UzdimO7N0x4ejpI
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3912 wrote to memory of 1108 | 3912 | rundll32.exe | 76
PID 3912 wrote to memory of 1108 | 3912 | rundll32.exe | 76
PID 3912 wrote to memory of 1108 | 3912 | rundll32.exe | 76
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll,#11
- Suspicious use of WriteProcessMemory
PID: 3912

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll,#12
PID: 1108