Analysis
- max time kernel: 185s
- max time network: 190s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/12/2022, 00:53
Static task
- static1
Behavioral task
- behavioral1
  Sample: f760f8a93e3f0c0eb8797c18233cbf7f15a2d28854a6be0e294c431b66854a86.dll
  Resource: win7-20221111-en
Behavioral task
- behavioral2
  Sample: f760f8a93e3f0c0eb8797c18233cbf7f15a2d28854a6be0e294c431b66854a86.dll
  Resource: win10v2004-20221111-en
General
- Target: f760f8a93e3f0c0eb8797c18233cbf7f15a2d28854a6be0e294c431b66854a86.dll
- Size: 5KB
- MD5: 6d5e4ae78c61cdc642f4932d9d83e8f0
- SHA1: 52914886118fa52b201f03f526d4c2a4138385dc
- SHA256: f760f8a93e3f0c0eb8797c18233cbf7f15a2d28854a6be0e294c431b66854a86
- SHA512: 39e92453a8ca984f0a8ec9b2bc0b3ad5ed5fb8f545a0d7e791381f16e23852f556904b25b583d82ffce359916b61aa396526efb85f91d4c15b70ad83615c0907
- SSDEEP: 96:XprYDpKnI6wJ+Ls7guyHejyn/I9l0iaiu2R:XUcA+ggd+W/If0iM2R
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 5084 wrote to memory of 5040 | 5084 | rundll32.exe | 82
  PID 5084 wrote to memory of 5040 | 5084 | rundll32.exe | 82
  PID 5084 wrote to memory of 5040 | 5084 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f760f8a93e3f0c0eb8797c18233cbf7f15a2d28854a6be0e294c431b66854a86.dll,#1
  PID: 5084 (process tree level 1)
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f760f8a93e3f0c0eb8797c18233cbf7f15a2d28854a6be0e294c431b66854a86.dll,#1
    PID: 5040 (process tree level 2)