Analysis
max time kernel: 149s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/08/2023, 23:32
Behavioral task
behavioral1
Sample
7d5c1f95c7005d85b60f166cb6dec1895b648e597e1ca672b693163fee26cf84.dll
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
7d5c1f95c7005d85b60f166cb6dec1895b648e597e1ca672b693163fee26cf84.dll
Resource
win10v2004-20230703-en
General
Target: 7d5c1f95c7005d85b60f166cb6dec1895b648e597e1ca672b693163fee26cf84.dll
Size: 1.3MB
MD5: 00d895d1447afe0cc287964bc2cca439
SHA1: 57187f30f6981921c686843ecdcf3756c7f2272d
SHA256: 7d5c1f95c7005d85b60f166cb6dec1895b648e597e1ca672b693163fee26cf84
SHA512: 5b0fed1a4628eb6b877c07cd334a7fb4befb3da66c7b9100aa5d95d809d22e3ec69a2a3f4cfd0dc08ebe70ac740de1aeaacef60fc5e4351e745db7c4214a4178
SSDEEP: 24576:gUK/+p8q03+U3irw2zABeob/EhoXdnRlreuvCQTJptkgtKlD980YDdQ:g/QYiEBtAMn3FvCsL7tY+C
Malware Config
Signatures
- Blocklisted process makes network request (64 IoCs)
  pid: 4216
  process: rundll32.exe
  flows: 6, 7, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 56, 57, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 93, 94
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 232 wrote to memory of 4216 (reported three times)
  pid: 232
  process: rundll32.exe
  procid_target: 82
Processes
1. C:\Windows\system32\rundll32.exe (PID 232)
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d5c1f95c7005d85b60f166cb6dec1895b648e597e1ca672b693163fee26cf84.dll,#1
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 4216), child of PID 232
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d5c1f95c7005d85b60f166cb6dec1895b648e597e1ca672b693163fee26cf84.dll,#1
      - Blocklisted process makes network request
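The process tree and the two signatures above are the whole story of this run: a 64-bit rundll32.exe is handed a DLL from the user's Temp directory and told to call export ordinal #1, it spawns the 32-bit SysWOW64 rundll32.exe (the WriteProcessMemory hits are the parent writing into its child), and that child is the process that produces the 64 network flows. The following is an added example, not part of the tria.ge report and not tria.ge code: detection logic run over constructed process and network events that reproduce the PIDs, image paths and command lines shown on this page. The event field names (pid, ppid, image, cmdline, flow) are assumed for the example and are not tria.ge's export schema; the parent PID of 232 is not shown on the page and is left as None.

```python
# Added example (not from the tria.ge report): flag the rundll32 chain seen in this run.
# Field names below are an assumption for this example, not tria.ge's export format.
import re
from collections import defaultdict

SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\7d5c1f95c7005d85b60f166cb6dec1895b648e597e1ca672b693163fee26cf84.dll")

# Constructed from the report's Processes section: x64 rundll32 (PID 232) spawns x86 rundll32 (PID 4216).
# The parent of PID 232 is not shown on the page, so ppid is None.
PROCESS_EVENTS = [
    {"pid": 232, "ppid": None, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 4216, "ppid": 232, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
]
# Constructed from the "Blocklisted process makes network request" signature (first seven flow IDs).
NETWORK_EVENTS = [{"pid": 4216, "flow": f} for f in (6, 7, 17, 18, 19, 20, 21)]

RUNDLL32 = re.compile(r"(?:^|\\)rundll32\.exe$", re.I)
# DLL path under a user profile's AppData tree: user-writable, not a system location.
USER_WRITABLE_DLL = re.compile(r"\\Users\\[^\\]+\\AppData\\[^\s]+\.dll", re.I)
# Export requested by ordinal (",#1") rather than by name (",EntryPoint").
ORDINAL_EXPORT = re.compile(r"\.dll,#\d+\b", re.I)


def is_rundll32(image: str) -> bool:
    return RUNDLL32.search(image) is not None


def analyze(process_events, network_events):
    """Return {pid: [finding, ...]} for every rundll32 process that trips at least one rule."""
    by_pid = {e["pid"]: e for e in process_events}
    flows = defaultdict(list)
    for n in network_events:
        flows[n["pid"]].append(n["flow"])

    findings = defaultdict(list)
    for e in process_events:
        if not is_rundll32(e["image"]):
            continue
        pid, cmd = e["pid"], e["cmdline"]
        if USER_WRITABLE_DLL.search(cmd):
            findings[pid].append("rundll32 loads a DLL from a user-writable AppData path")
        if ORDINAL_EXPORT.search(cmd):
            findings[pid].append("rundll32 calls the DLL export by ordinal")
        parent = by_pid.get(e["ppid"])
        if parent is not None and is_rundll32(parent["image"]):
            # system32 -> SysWOW64 is the x64 rundll32 re-launching its 32-bit copy.
            if "system32" in parent["image"].lower() and "syswow64" in e["image"].lower():
                findings[pid].append(
                    f"x64 rundll32 (pid {parent['pid']}) spawned x86 rundll32 child")
            else:
                findings[pid].append(f"rundll32 spawned by rundll32 (pid {parent['pid']})")
        if flows[pid]:
            findings[pid].append(f"rundll32 made {len(flows[pid])} network flows")
    return dict(findings)


if __name__ == "__main__":
    for pid, hits in sorted(analyze(PROCESS_EVENTS, NETWORK_EVENTS).items()):
        print(pid)
        for hit in hits:
            print("  -", hit)
```

Each rule on its own is noisy (legitimate installers also call rundll32 against files in Temp, and an x64 rundll32 will re-launch its SysWOW64 copy for any 32-bit DLL); what makes this run worth a look is the conjunction, a user-writable DLL invoked by ordinal whose re-launched 32-bit child is the one talking to the network. Pivot from the PIDs here to the Network section and the second-stage download hashes below.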
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 378KB
  MD5: 508bc281a5cadad8886af768ed476704
  SHA1: edb86b46e721bc606a664f01243bf8f514b19a3b
  SHA256: 902f8c47763c1f5642d1409a373bc780a46bf3f2d57ebee7c3c5705ad0927a04
  SHA512: 1352b154ebe85fba0b4497e68f6699eab73c3f3dfe66c1d56c3eeb8af1ed7a611176fd9d59a407e3712080647af842e71b11f00c85927df160f4058cbcd7ea9c