Analysis
  max time kernel: 141s
  max time network: 147s
  platform: windows10-2004_x64
  resource: win10v2004-20230703-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 16/08/2023, 17:40
Static task: static1

Behavioral task: behavioral1
  Sample: 164b8785c5af0ca98d5d0ee7a890f5399b3e80a91846dc0b4dc3dbf0d2d9df4e.dll
  Resource: win7-20230712-en

Behavioral task: behavioral2
  Sample: 164b8785c5af0ca98d5d0ee7a890f5399b3e80a91846dc0b4dc3dbf0d2d9df4e.dll
  Resource: win10v2004-20230703-en
General
  Target: 164b8785c5af0ca98d5d0ee7a890f5399b3e80a91846dc0b4dc3dbf0d2d9df4e.dll
  Size: 2.0MB
  MD5: 40d20551cbce906edcd4e180ef3c9699
  SHA1: d8ce3782ef4ed74ceb7a15a5bc745e20be57c31d
  SHA256: 164b8785c5af0ca98d5d0ee7a890f5399b3e80a91846dc0b4dc3dbf0d2d9df4e
  SHA512: c200c460a0e172e1b2f668f307d79689d9ec4d804f1954459b4367e2896a79f60f279897f9621994f65c6909e5e458ff8834231e96a9b349ee66743230a2f66f
  SSDEEP: 49152:F0bxVqH+t6rw7AQ9RdMKFlk2Y/gCXPvxzk:F03si+k9EKFlAo
Malware Config
Signatures
  Suspicious use of WriteProcessMemory (3 IoCs)
    description                        pid   Process       procid_target
    PID 2324 wrote to memory of 4876   2324  rundll32.exe  81
    PID 2324 wrote to memory of 4876   2324  rundll32.exe  81
    PID 2324 wrote to memory of 4876   2324  rundll32.exe  81
Processes
  C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\164b8785c5af0ca98d5d0ee7a890f5399b3e80a91846dc0b4dc3dbf0d2d9df4e.dll,#1
    PID: 2324
    Signatures: Suspicious use of WriteProcessMemory
    Child process:
      C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\164b8785c5af0ca98d5d0ee7a890f5399b3e80a91846dc0b4dc3dbf0d2d9df4e.dll,#1
        PID: 4876