Analysis
- max time kernel: 146s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 21/06/2023, 07:51
Behavioral task: behavioral1
- Sample: dc55c78b5ceb3c21ad4aa2af56c7a359ff5f3e08d9f6912da7b7cee62807c7cf.dll
- Resource: win7-20230220-en
- 4 signatures
- 150 seconds
General
- Target: dc55c78b5ceb3c21ad4aa2af56c7a359ff5f3e08d9f6912da7b7cee62807c7cf.dll
- Size: 92KB
- MD5: 01767b0e766ccabb965bd88af49f733a
- SHA1: 3012e252559b75f7740469e5ec61377c89f56a40
- SHA256: dc55c78b5ceb3c21ad4aa2af56c7a359ff5f3e08d9f6912da7b7cee62807c7cf
- SHA512: 7511d7b4a0671817ab624559407ffa8fae4d443b45436ffc43af5c5e8751c6c6b28d1c42ccdf96959427b25e5fc2dc6b7e191a9cbe874f69097f3ba6d1466357
- SSDEEP: 1536:fS0ZG4UMpzNFj5OKAWmlrYZRJmnPeUsgqzbLMsNOxBznt:fSAbAKAWmqYnPeUstzDMxBzn
Malware Config
Signatures
- Blocklisted process makes network request (28 IoCs)
  flow / pid / Process: all 28 flows belong to pid 2152 (rundll32.exe); flows 4, 16, 28, 36, 47, 48, 53, 54, 59, 65, 83, 91, 103, 109, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid / Process: 2152 rundll32.exe (recorded twice)
- Suspicious use of WriteProcessMemory (3 IoCs)
  description / pid / Process / procid_target: PID 2228 wrote to memory of 2152; pid 2228 rundll32.exe; procid_target 83 (recorded three times)
Processes
- C:\Windows\system32\rundll32.exe (PID: 2228)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc55c78b5ceb3c21ad4aa2af56c7a359ff5f3e08d9f6912da7b7cee62807c7cf.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 2152)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc55c78b5ceb3c21ad4aa2af56c7a359ff5f3e08d9f6912da7b7cee62807c7cf.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses