Analysis
- max time kernel: 93s
- max time network: 154s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/12/2022, 11:36
Static task: static1

Behavioral task: behavioral1
- Sample: 32674ea54da87fe517d374ee80357284d8f55cbaa847db4f0dab8f75b9438e2f.dll
- Resource: win7-20221111-en

Behavioral task: behavioral2
- Sample: 32674ea54da87fe517d374ee80357284d8f55cbaa847db4f0dab8f75b9438e2f.dll
- Resource: win10v2004-20220812-en
General
- Target: 32674ea54da87fe517d374ee80357284d8f55cbaa847db4f0dab8f75b9438e2f.dll
- Size: 4KB
- MD5: 4f7e790352d65c5a100b3abfe21ffd80
- SHA1: 0aaa8d5c199d511a25555c9a94f13858aa1a1cb3
- SHA256: 32674ea54da87fe517d374ee80357284d8f55cbaa847db4f0dab8f75b9438e2f
- SHA512: d1623c3e13e869b803c68fa420314b35ee3aca2a66566737a558f0fcf4377ac39946d3b4a8c03de7c8f450c9bd3461cc0df774e0f64e36e03feb9f03a96f028c
- SSDEEP: 48:SWkO0IoyTnXz+ihZjok6Czv/S1lUxZD+3:ZJTnXzvokPvq1lUi3
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 4364 wrote to memory of 3672 | 4364 | rundll32.exe | 78
  PID 4364 wrote to memory of 3672 | 4364 | rundll32.exe | 78
  PID 4364 wrote to memory of 3672 | 4364 | rundll32.exe | 78
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32674ea54da87fe517d374ee80357284d8f55cbaa847db4f0dab8f75b9438e2f.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4364
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\32674ea54da87fe517d374ee80357284d8f55cbaa847db4f0dab8f75b9438e2f.dll,#1
    PID: 3672