Analysis
- max time kernel: 146s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230915-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/10/2023, 21:44
Behavioral task: behavioral1
- Sample: dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll
- Resource: win10v2004-20230915-en
General
- Target: dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll
- Size: 899KB
- MD5: b195df1ad2204444385469320f0d13e5
- SHA1: 059be317543736718e7215dc1a62346b5d4ac0cb
- SHA256: dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f
- SHA512: c8fac1cc060c2defcad23b5c9da689419d1139f3dc69cfdb8a3ee2ecb3cd9fb90d92c70510aad106d9000adb1528b91b312a025bb3a604e48d6fc65aacf2f6d1
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX2:7wqd87V2
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  1508  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 1904 wrote to memory of 1508  1904  rundll32.exe  87
  PID 1904 wrote to memory of 1508  1904  rundll32.exe  87
  PID 1904 wrote to memory of 1508  1904  rundll32.exe  87
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll,#1
  PID: 1904
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll,#1
    PID: 1508
    Signatures: Suspicious behavior: RenamesItself