Analysis
max time kernel: 143s
max time network: 148s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/10/2023, 16:40
Static task
static1
Behavioral task
behavioral1
Sample
a4014caca28a4f2495e3a23a6cd9ea1eb24120e16556a8461d230bb05e9322f9.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
a4014caca28a4f2495e3a23a6cd9ea1eb24120e16556a8461d230bb05e9322f9.dll
Resource
win10v2004-20230915-en
General
Target
a4014caca28a4f2495e3a23a6cd9ea1eb24120e16556a8461d230bb05e9322f9.dll
Size
1.8MB
MD5
eb3c62a125e435e056a299ff4dc0e24e
SHA1
282a63dca645aba7b5ec50e0030ce3ab14da6f4f
SHA256
a4014caca28a4f2495e3a23a6cd9ea1eb24120e16556a8461d230bb05e9322f9
SHA512
be227eaec3f972be744142d3462ee19ab151a263695dec0ac20dc2a8fda2da55e0780623782df230eac4a9b226cc927f829313bca360c96109034eaf5b30add7
SSDEEP
24576:xizFihoH7KYkQG+llJllllllllllllllll4C8oVPDYCl/g4t:xiwhCmQGeJg4t
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4304 wrote to memory of 484 | 4304 | rundll32.exe | 82
PID 4304 wrote to memory of 484 | 4304 | rundll32.exe | 82
PID 4304 wrote to memory of 484 | 4304 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4014caca28a4f2495e3a23a6cd9ea1eb24120e16556a8461d230bb05e9322f9.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4304
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4014caca28a4f2495e3a23a6cd9ea1eb24120e16556a8461d230bb05e9322f9.dll,#12⤵
PID:484