Analysis
max time kernel: 137s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/08/2023, 11:49
Static task: static1
Behavioral task: behavioral1
Sample: 7d03e9956d0450a88ffb4673f316119f8c28f64a6fe8f63f542861e2c1bdad67.dll
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 7d03e9956d0450a88ffb4673f316119f8c28f64a6fe8f63f542861e2c1bdad67.dll
Resource: win10v2004-20230703-en
General
Target: 7d03e9956d0450a88ffb4673f316119f8c28f64a6fe8f63f542861e2c1bdad67.dll
Size: 1.1MB
MD5: 30486cba3b9135fa9224aa0005662cde
SHA1: 786f00752601914590df8caba7161fab75886b8f
SHA256: 7d03e9956d0450a88ffb4673f316119f8c28f64a6fe8f63f542861e2c1bdad67
SHA512: ce4de3af7b7524f320ad49a61fc9934916de8d73caa619fcbe5def6cb37163c82bed1c4ee5ae30b0739f0c8cf8f1e2cfdb4e89eb8a3df303286974beef4cf486
SSDEEP: 24576:Tgr1Ry7d/LU2ylEI0/ezhaMClIOmYhjLawa:sLW/vylEI0/ChaMCf4wa
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 4132 wrote to memory of 3476   4132   rundll32.exe   81
PID 4132 wrote to memory of 3476   4132   rundll32.exe   81
PID 4132 wrote to memory of 3476   4132   rundll32.exe   81
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d03e9956d0450a88ffb4673f316119f8c28f64a6fe8f63f542861e2c1bdad67.dll,#1
  PID: 4132
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d03e9956d0450a88ffb4673f316119f8c28f64a6fe8f63f542861e2c1bdad67.dll,#1
    PID: 3476