Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel: 130s
  max time network: 138s
  platform: windows10-2004_x64
  resource: win10v2004-20230915-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 12/10/2023, 13:24
Static task: static1
Behavioral task: behavioral1
  Sample: e3daf9e07769c4d52ce231379e81cc07671f0fc1a49437eccc2509bd6d550190.dll
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: e3daf9e07769c4d52ce231379e81cc07671f0fc1a49437eccc2509bd6d550190.dll
  Resource: win10v2004-20230915-en
General
  Target: e3daf9e07769c4d52ce231379e81cc07671f0fc1a49437eccc2509bd6d550190.dll
  Size: 5.6MB
  MD5: 4ac45287f29d444a993da8c43ceff81b
  SHA1: cfdb48d472619e91368229fe348bdc186fb43a92
  SHA256: e3daf9e07769c4d52ce231379e81cc07671f0fc1a49437eccc2509bd6d550190
  SHA512: 23be98b9e280c2ee8a3a6af00cd280b456035cb57e44fe790fbc83f354080b93459e50c06fae3b67875bd5c14c9ee61c4c7751e233cd03514d9c4c52cd2771dd
  SSDEEP: 49152:JMd2l+/kj9A0+JfbnXHaczfaWM3KjVPVdHuUefBdRX7e5pedHWdY5Loko8XD1Sgd:HAZJfbaczf/MWTdH2l7nZW651LaL/Uh
Malware Config

Signatures
  Suspicious use of SetWindowsHookEx (2 IoCs)
    pid   Process
    4568  rundll32.exe
    4568  rundll32.exe

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                         pid   Process       procid_target
    PID 1244 wrote to memory of 4568    1244  rundll32.exe  81
    PID 1244 wrote to memory of 4568    1244  rundll32.exe  81
    PID 1244 wrote to memory of 4568    1244  rundll32.exe  81
Processes
  C:\Windows\system32\rundll32.exe (PID 1244)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3daf9e07769c4d52ce231379e81cc07671f0fc1a49437eccc2509bd6d550190.dll,#1
    signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (PID 4568)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3daf9e07769c4d52ce231379e81cc07671f0fc1a49437eccc2509bd6d550190.dll,#1
      signatures: Suspicious use of SetWindowsHookEx