Analysis
max time kernel: 135s
max time network: 157s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23/10/2023, 08:40
Behavioral task behavioral1
Sample: 482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll
Resource: win7-20231020-en

Behavioral task behavioral2
Sample: 482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll
Resource: win10v2004-20231020-en
General
Target: 482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll
Size: 51KB
MD5: cb83e0929ab0dc5a83f89691e260db83
SHA1: e2ea18fb4beacd86f3f541427030ca5aa90e373d
SHA256: 482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720
SHA512: 7c80743192e7aa8e087f2dca9c4e3415e7e474238822fa4621a31262aeca2edb5b5a87a251e57885f1217a1588553f446554db9c562b27480469f540d6607f69
SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLtJYH5:1dWubF3n9S91BF3fboRJYH5
Malware Config
Signatures

Suspicious behavior: RenamesItself (1 IoC)
pid   Process
4220  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                      pid   Process       procid_target
PID 4324 wrote to memory of 4220 4324  rundll32.exe  85
PID 4324 wrote to memory of 4220 4324  rundll32.exe  85
PID 4324 wrote to memory of 4220 4324  rundll32.exe  85
Processes

C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4324

  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll,#1
    Suspicious behavior: RenamesItself
    PID: 4220