Analysis
- max time kernel: 143s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20230831-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01/09/2023, 14:33
Behavioral tasks
- behavioral1
  Sample: bd0fbda49b96a135b6567e602e3eda5ce712643436f09b46871b54d1da046f57.dll
  Resource: win7-20230831-en
- behavioral2
  Sample: bd0fbda49b96a135b6567e602e3eda5ce712643436f09b46871b54d1da046f57.dll
  Resource: win10v2004-20230831-en
General
- Target: bd0fbda49b96a135b6567e602e3eda5ce712643436f09b46871b54d1da046f57.dll
- Size: 899KB
- MD5: 93f1d6c68fed85bed063483f15c45af3
- SHA1: 32273b31cbb388c174d55b95245f5401bc7b21dc
- SHA256: bd0fbda49b96a135b6567e602e3eda5ce712643436f09b46871b54d1da046f57
- SHA512: d1136ff5a658309285bc24774e4ef9db03bfcbfa664046d2cf40e8be42d3ad298d567e0f6c69c89172e6fb67e0b37b08cd9a4bb26d07a20fd883a22e9f0676a1
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXO:7wqd87VO
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  3776  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 4412 wrote to memory of 3776   4412  rundll32.exe  82
  PID 4412 wrote to memory of 3776   4412  rundll32.exe  82
  PID 4412 wrote to memory of 3776   4412  rundll32.exe  82
Processes
- C:\Windows\system32\rundll32.exe (PID 4412)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd0fbda49b96a135b6567e602e3eda5ce712643436f09b46871b54d1da046f57.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 3776, child of 4412)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd0fbda49b96a135b6567e602e3eda5ce712643436f09b46871b54d1da046f57.dll,#1
    Signatures: Suspicious behavior: RenamesItself