Analysis
max time kernel: 138s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20230824-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230824-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/08/2023, 04:35
Behavioral task: behavioral1
Sample: 0488f713f03d5fb949581d2868dc97462afe9ae2954d174c0c2e515eea0c4e96.dll
Resource: win7-20230712-en
Behavioral task: behavioral2
Sample: 0488f713f03d5fb949581d2868dc97462afe9ae2954d174c0c2e515eea0c4e96.dll
Resource: win10v2004-20230824-en
General
Target: 0488f713f03d5fb949581d2868dc97462afe9ae2954d174c0c2e515eea0c4e96.dll
Size: 899KB
MD5: b24b04a5a2189d2041f4656f8b7164db
SHA1: 6c9f903d0783ab4de76855e04b734549d3c43bff
SHA256: 0488f713f03d5fb949581d2868dc97462afe9ae2954d174c0c2e515eea0c4e96
SHA512: b75768cfb0f8756d958f6a059d123befc427590db889b3926d5cf6e9a51394082ea6707615a14c5d85270a49ef8a64731810127fd63e01c34923a95a8d71577b
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX9:7wqd87V9
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  2104  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 4748 wrote to memory of 2104  4748  rundll32.exe  84
  PID 4748 wrote to memory of 2104  4748  rundll32.exe  84
  PID 4748 wrote to memory of 2104  4748  rundll32.exe  84
Processes
C:\Windows\system32\rundll32.exe (PID 4748)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0488f713f03d5fb949581d2868dc97462afe9ae2954d174c0c2e515eea0c4e96.dll,#1
  Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe (PID 2104)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0488f713f03d5fb949581d2868dc97462afe9ae2954d174c0c2e515eea0c4e96.dll,#1
      Suspicious behavior: RenamesItself