Analysis
max time kernel: 121s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/06/2023, 09:55
Static task: static1

Behavioral task: behavioral1
Sample: c7d60409c7e13bc687f83dc8624680fdaee30c1f8db228535b891bc414af58c8.dll
Resource: win7-20230220-en

Behavioral task: behavioral2
Sample: c7d60409c7e13bc687f83dc8624680fdaee30c1f8db228535b891bc414af58c8.dll
Resource: win10v2004-20230220-en
General
Target: c7d60409c7e13bc687f83dc8624680fdaee30c1f8db228535b891bc414af58c8.dll
Size: 2.1MB
MD5: d9966a49baa7c432019d4d4f4c0b9071
SHA1: 1e72e8d1b4e42dbdb7fa6d03c00cdd822c4b546b
SHA256: c7d60409c7e13bc687f83dc8624680fdaee30c1f8db228535b891bc414af58c8
SHA512: 1eb0f670c302d065e8d6170fff4da2de1ca5a9ba58a473388b09a7429a25554cf9faf21c54b1f20f507f99666f066c051c9e1c3f2a0b7bfda1ff70902c92b092
SSDEEP: 24576:Nhlq62b/Gdj9MsV+DfQyQt1AoF1fGPJtsGDlaDGYgFtTdY3nDipK/f3wKT42+v4b:H3DN+D8t1AoFMwPG3d+Dy2P7V2CC1E
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 1828 wrote to memory of 1868 | 1828 | rundll32.exe | 86
PID 1828 wrote to memory of 1868 | 1828 | rundll32.exe | 86
PID 1828 wrote to memory of 1868 | 1828 | rundll32.exe | 86
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7d60409c7e13bc687f83dc8624680fdaee30c1f8db228535b891bc414af58c8.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1828
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7d60409c7e13bc687f83dc8624680fdaee30c1f8db228535b891bc414af58c8.dll,#1
    PID: 1868