Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
142s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
01/08/2023, 10:33
Static task
static1
Behavioral task
behavioral1
Sample
636a44805b1102ae966f9cd73b4c99d8b17ecbeed73c7c917020e40165da1d5c.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
636a44805b1102ae966f9cd73b4c99d8b17ecbeed73c7c917020e40165da1d5c.dll
Resource
win10v2004-20230703-en
General
-
Target
636a44805b1102ae966f9cd73b4c99d8b17ecbeed73c7c917020e40165da1d5c.dll
-
Size
2.8MB
-
MD5
a4177d0e21673d488daa4cdc5e431a78
-
SHA1
579193efb1929c616c65e8f7698e097accc4a392
-
SHA256
636a44805b1102ae966f9cd73b4c99d8b17ecbeed73c7c917020e40165da1d5c
-
SHA512
acb626b8ef19979152f2761a6ee6e6a4d9bedcb73cb8f7ae0872533b2f1a2dcf620911c8edfe96153c7312267c9e0f5cc274e0551832264ab843569286a1e946
-
SSDEEP
49152:9hQ3BUv438AsC3YCKkFKXHISqh7mdsI3ozug+ZDPi7/7h:bKW7oKkGqasI3o0DP
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 824 wrote to memory of 3496 824 rundll32.exe 84 PID 824 wrote to memory of 3496 824 rundll32.exe 84 PID 824 wrote to memory of 3496 824 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\636a44805b1102ae966f9cd73b4c99d8b17ecbeed73c7c917020e40165da1d5c.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:824 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\636a44805b1102ae966f9cd73b4c99d8b17ecbeed73c7c917020e40165da1d5c.dll,#12⤵PID:3496
-