Analysis
max time kernel: 139s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/08/2023, 18:32
Static task: static1
Behavioral task: behavioral1
  Sample: 1ebcf75bc545822e605ba5d545e99fefe80313842e4b3dae3f53bb074b743a0c.dll
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: 1ebcf75bc545822e605ba5d545e99fefe80313842e4b3dae3f53bb074b743a0c.dll
  Resource: win10v2004-20230703-en
General
Target: 1ebcf75bc545822e605ba5d545e99fefe80313842e4b3dae3f53bb074b743a0c.dll
Size: 836KB
MD5: fda41ca89f07c5c32cf947a6f7821986
SHA1: 91e42dcd39d80bdc664bb16a2cde63a9891396fc
SHA256: 1ebcf75bc545822e605ba5d545e99fefe80313842e4b3dae3f53bb074b743a0c
SHA512: c80080c618d66b8918ec0215775bca4689f90515eaf0a79f1e7bcec059f4d5ed7fc8f7b67e2a625fbcf187a589b5f115361123a2408ff93da29fd47f8d296649
SSDEEP: 24576:94orqbUGe67lm0G44tW4oAndrxRlAEHY6:9tzGRm0itW4Z5xRlZH
Malware Config
Signatures
Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  2784  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 1452 wrote to memory of 2784   1452  rundll32.exe  80
  PID 1452 wrote to memory of 2784   1452  rundll32.exe  80
  PID 1452 wrote to memory of 2784   1452  rundll32.exe  80
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ebcf75bc545822e605ba5d545e99fefe80313842e4b3dae3f53bb074b743a0c.dll,#1
   Signatures: Suspicious use of WriteProcessMemory
   PID: 1452
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 1452)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ebcf75bc545822e605ba5d545e99fefe80313842e4b3dae3f53bb074b743a0c.dll,#1
      Signatures: Suspicious use of SetWindowsHookEx
      PID: 2784