Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
91s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
05/12/2022, 10:33
Static task
static1
Behavioral task
behavioral1
Sample
a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll
Resource
win10v2004-20220901-en
General
-
Target
a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll
-
Size
5KB
-
MD5
a08e2afc9688d27f6a971b98e3726ed0
-
SHA1
8e642e97178931b99ce34234cf7b4badac2ee917
-
SHA256
a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9
-
SHA512
06b9bd45fc3837d2991faff56a64771ca055f82e964c5ecf6f1ec1218acfea36b09cf324e8fa25b8458b97f04b63bc940b1e05caa67822e0bac820acc329684a
-
SSDEEP
96:R6Di6iiGIaXowjJj8KE7milmQ1k6GsvvV0DB5UVMecBsSDo4l4k0cWPBH:R6+a1eSK+VSDcmFRc5
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1688 wrote to memory of 4804 1688 rundll32.exe 81 PID 1688 wrote to memory of 4804 1688 rundll32.exe 81 PID 1688 wrote to memory of 4804 1688 rundll32.exe 81
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1688 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll,#12⤵PID:4804
-