Analysis
- max time kernel: 196s
- max time network: 206s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 11/10/2023, 16:41
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86.dll
  - Resource: win7-20230831-en

Behavioral task
- behavioral2
  - Sample: 3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86.dll
  - Resource: win10v2004-20230915-en
General
- Target: 3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86.dll
- Size: 816KB
- MD5: 34ab64ffaa8a02347c8329f7d8c76ee4
- SHA1: 913dda0397eed350fa580e89ad2ac36ea5427eed
- SHA256: 3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86
- SHA512: 3a39de8b8287d2f7cd0a820860c28b4535cda4fb320c612b11d00623c0c76a0c5a0db60880bbdf801151fb2b6c139b6e6389bce7027b8b2bee68dc82d400cc6c
- SSDEEP: 12288:IwiBnssx/mm9cCNJ9bQPRcU99iPRzS55xQOweeec6:IPhxum9NLUZ599ipzS55xQOweeeR
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | Process
  Token: SeDebugPrivilege | 2608 | rundll32.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid | Process
  2608 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 640 wrote to memory of 2608 | 640 | rundll32.exe | 84
  PID 640 wrote to memory of 2608 | 640 | rundll32.exe | 84
  PID 640 wrote to memory of 2608 | 640 | rundll32.exe | 84
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86.dll,#1
  PID: 640
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (depth 2, child of PID 640)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86.dll,#1
    PID: 2608
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx