Analysis
max time kernel: 90s
max time network: 105s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07/01/2023, 07:34
Static task: static1
Behavioral task: behavioral1
Sample: e91c597a7ca1b79a3161edd4bf67b7eda351608ec040855730dbef9d99cf6bd7.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: e91c597a7ca1b79a3161edd4bf67b7eda351608ec040855730dbef9d99cf6bd7.dll
Resource: win10v2004-20220812-en
General
Target: e91c597a7ca1b79a3161edd4bf67b7eda351608ec040855730dbef9d99cf6bd7.dll
Size: 320KB
MD5: ae7e67c9dcac7289f2b5c6341456d237
SHA1: 066f38bae7d530eeee71fa1d3cca5441338160a3
SHA256: e91c597a7ca1b79a3161edd4bf67b7eda351608ec040855730dbef9d99cf6bd7
SHA512: 03812afc4f16675c61404edb0d9d850c0c58129943813d5e181480f7fcdc9ff2b2a14bbd93e936e199c6931e9ed8f5ab08eb59a0be259b9be08c12017c9d4ca8
SSDEEP: 6144:Af8ksbPJ12YTxPOlTCkPmYQITfdvopftZNbTfLmFap0u5:Af8kex1TTxPGfPflIftDXfL10u5
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        | pid  | Process      | procid_target
PID 3040 wrote to memory of 4972   | 3040 | rundll32.exe | 81
PID 3040 wrote to memory of 4972   | 3040 | rundll32.exe | 81
PID 3040 wrote to memory of 4972   | 3040 | rundll32.exe | 81
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e91c597a7ca1b79a3161edd4bf67b7eda351608ec040855730dbef9d99cf6bd7.dll,#1
  signature: Suspicious use of WriteProcessMemory
  PID: 3040
  child: C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e91c597a7ca1b79a3161edd4bf67b7eda351608ec040855730dbef9d99cf6bd7.dll,#1
    PID: 4972