Analysis
- max time kernel: 161s
- max time network: 187s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/12/2022, 06:06
Static task
- static1

Behavioral task
- behavioral1
  Sample: ed2a3cd0758ce6c2f372dcb1795ae69677937cbe9866e13776c09575f935cfa5.dll
  Resource: win7-20220812-en

Behavioral task
- behavioral2
  Sample: ed2a3cd0758ce6c2f372dcb1795ae69677937cbe9866e13776c09575f935cfa5.dll
  Resource: win10v2004-20221111-en

General
- Target: ed2a3cd0758ce6c2f372dcb1795ae69677937cbe9866e13776c09575f935cfa5.dll
- Size: 19KB
- MD5: acb232f4d0a9848741a2fe63c36aedc4
- SHA1: 8f8e0136159fa9c9e99cace69ed2b8fdc0f31dc9
- SHA256: ed2a3cd0758ce6c2f372dcb1795ae69677937cbe9866e13776c09575f935cfa5
- SHA512: 99e61c99a08060440e4a018136aa5949de282ca92fb44bad5ba289c8298f90a6df970aaf4f064d3206d56e52e0de22e1820aa5bf448b878625dedbde52139a5c
- SSDEEP: 384:Clv4YiKEjcYXmmDP5Eiz4xs9ORqR6RhRKR9+R++RyRT:SATKEjNxbkxxwkXAuVo

Malware Config

Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                         pid    Process         procid_target
  PID 5092 wrote to memory of 4200    5092   rundll32.exe    82
  PID 5092 wrote to memory of 4200    5092   rundll32.exe    82
  PID 5092 wrote to memory of 4200    5092   rundll32.exe    82

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed2a3cd0758ce6c2f372dcb1795ae69677937cbe9866e13776c09575f935cfa5.dll,#1
  PID: 5092
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed2a3cd0758ce6c2f372dcb1795ae69677937cbe9866e13776c09575f935cfa5.dll,#1
    PID: 4200