Analysis
- max time kernel: 91s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/12/2022, 20:29
Behavioral task: behavioral1
- Sample: f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll
- Resource: win10v2004-20220812-en
General
- Target: f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll
- Size: 56KB
- MD5: 6e72520a70b1b051de58366d1aa236a0
- SHA1: 97e4c6f1806d621a44d24dddaa2f7e2dbaf81e6e
- SHA256: f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d
- SHA512: c60b9d4ea3dbcb821f4a48ff3b42bcdf777df4de3577c2df348f69921a541a7eecfe3573baf36a58977db9edd18776a5b22401f1407bc0310a9a2f9794d8a657
- SSDEEP: 1536:kjRUjsK3W8jkG3TaBrGqNwa8n0wZkXzt+JSJ91gLV:kF2sK7gG3TaBCqGLrSkc91MV
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4804 wrote to memory of 4856 | 4804 | rundll32.exe | 80
  PID 4804 wrote to memory of 4856 | 4804 | rundll32.exe | 80
  PID 4804 wrote to memory of 4856 | 4804 | rundll32.exe | 80
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll,#1
  PID: 4804
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll,#1
    PID: 4856