Analysis
max time kernel: 246s
max time network: 319s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/12/2022, 01:26
Static task: static1
Behavioral task: behavioral1
Sample: 67795187ce16a03e109a9a6aef7421839f0bd71a7f94e4896ec2f70c4dd5fa3c.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 67795187ce16a03e109a9a6aef7421839f0bd71a7f94e4896ec2f70c4dd5fa3c.dll
Resource: win10v2004-20221111-en
General
Target: 67795187ce16a03e109a9a6aef7421839f0bd71a7f94e4896ec2f70c4dd5fa3c.dll
Size: 7KB
MD5: b69cbb3da33c420e07a1e28123054d90
SHA1: 6af32bbcb2a1397f017c4f57f891b348be187aa8
SHA256: 67795187ce16a03e109a9a6aef7421839f0bd71a7f94e4896ec2f70c4dd5fa3c
SHA512: f47e5436e55c5c9c050e9373e87810a0f088b48051b3edc32def3fe15249216ba2721b1f53c913a6554dd6802c71bf4933d9d41c0ffb496a0b36c7160c75eca9
SSDEEP: 192:F746TMz9BGF/YFAWcUx0KZXZydRrclrPlJAeU:FVTi9S/Y5cUQeU
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3868 wrote to memory of 4808 | 3868 | rundll32.exe | 80
PID 3868 wrote to memory of 4808 | 3868 | rundll32.exe | 80
PID 3868 wrote to memory of 4808 | 3868 | rundll32.exe | 80
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\67795187ce16a03e109a9a6aef7421839f0bd71a7f94e4896ec2f70c4dd5fa3c.dll,#1
  PID: 3868
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\67795187ce16a03e109a9a6aef7421839f0bd71a7f94e4896ec2f70c4dd5fa3c.dll,#1
    PID: 4808