Analysis
max time kernel: 134s
max time network: 163s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/12/2022, 11:28
Static task: static1
Behavioral task: behavioral1
  Sample: f7b67a80d4f53e82643652c727a1d81d65b283e4f9cd2173e5e107ea6390a3dc.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: f7b67a80d4f53e82643652c727a1d81d65b283e4f9cd2173e5e107ea6390a3dc.dll
  Resource: win10v2004-20220812-en
General
Target: f7b67a80d4f53e82643652c727a1d81d65b283e4f9cd2173e5e107ea6390a3dc.dll
Size: 6KB
MD5: 829596ce27c8755a0652303473de3060
SHA1: 6c71e9c39332077658ed08acea93ecd47551244c
SHA256: f7b67a80d4f53e82643652c727a1d81d65b283e4f9cd2173e5e107ea6390a3dc
SHA512: 1fa64e0c9b9b95711d91125bbea52007b67b75d9f02cbd1815d2d4d5eca3448312dd8eb2dd64bdaa256bfda9e49cb9e082297c64d732ef80ac7323533357ea20
SSDEEP: 192:JR94/bz3Bih7ZDQqk1AKiwrST+t3vL4HppO:dKY97
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid    Process        procid_target
PID 5100 wrote to memory of 5088    5100   rundll32.exe   58
PID 5100 wrote to memory of 5088    5100   rundll32.exe   58
PID 5100 wrote to memory of 5088    5100   rundll32.exe   58
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7b67a80d4f53e82643652c727a1d81d65b283e4f9cd2173e5e107ea6390a3dc.dll,#1
  PID: 5100
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7b67a80d4f53e82643652c727a1d81d65b283e4f9cd2173e5e107ea6390a3dc.dll,#1
    PID: 5088