Analysis
- max time kernel: 202s
- max time network: 204s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/12/2022, 11:59
Static task: static1
Behavioral task: behavioral1
- Sample: 95e32445007431b76331933f3af450650fb8c89c1d4d8c5499d93ae3cd467f51.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 95e32445007431b76331933f3af450650fb8c89c1d4d8c5499d93ae3cd467f51.dll
- Resource: win10v2004-20220812-en
General
- Target: 95e32445007431b76331933f3af450650fb8c89c1d4d8c5499d93ae3cd467f51.dll
- Size: 68KB
- MD5: 27d566a2e26f391d2e23d34570ee4253
- SHA1: 35bfa6e950db8176c9504ef872fbfa16196a5d5e
- SHA256: 95e32445007431b76331933f3af450650fb8c89c1d4d8c5499d93ae3cd467f51
- SHA512: 163296f5b5c835784bafb248c78f92aad3dc628b5398f2e71a952c0888f304eaf003f4677dff78ce9b28e21d27e81146c0c3a14766b865798cc820b1aeb97cc8
- SSDEEP: 1536:t7hIG49Fbixb7tmG+8nsfVk4JxsKuTCrpypTLhje/0sZE:VaG6pixb7tz4kctpUh6MsZE
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4448 wrote to memory of 4768 | 4448 | rundll32.exe | 78
  PID 4448 wrote to memory of 4768 | 4448 | rundll32.exe | 78
  PID 4448 wrote to memory of 4768 | 4448 | rundll32.exe | 78
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95e32445007431b76331933f3af450650fb8c89c1d4d8c5499d93ae3cd467f51.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 4448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95e32445007431b76331933f3af450650fb8c89c1d4d8c5499d93ae3cd467f51.dll,#12
  PID: 4768