Analysis
max time kernel: 147s
max time network: 166s
platform: windows10-2004_x64
resource: win10v2004-20231020-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231020-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/11/2023, 15:39
Behavioral task: behavioral1
Sample: d0771e6ac39be48e4d98237e020037ac6fa934433b9cedf4d2939a31c861f843.dll
Resource: win7-20231020-en
Behavioral task: behavioral2
Sample: d0771e6ac39be48e4d98237e020037ac6fa934433b9cedf4d2939a31c861f843.dll
Resource: win10v2004-20231020-en
General
Target: d0771e6ac39be48e4d98237e020037ac6fa934433b9cedf4d2939a31c861f843.dll
Size: 899KB
MD5: 72d9b1106d42b3976f7430fa01bd334f
SHA1: fe608a7dc38e79d5ba9c3a78dd27ae80e035427b
SHA256: d0771e6ac39be48e4d98237e020037ac6fa934433b9cedf4d2939a31c861f843
SHA512: 4c6de1aa454e2db24152414c83022d025fc646e5d9378068f2d67afde45c8f093a532fcb891666a4d52fb1ddacdaa6fe16df21630e75d4a2f58114a70f3de1ae
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXN:7wqd87VN
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoC)
pid | Process
3356 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2776 wrote to memory of 3356 | 2776 | rundll32.exe | 86
PID 2776 wrote to memory of 3356 | 2776 | rundll32.exe | 86
PID 2776 wrote to memory of 3356 | 2776 | rundll32.exe | 86
Processes
Level 1: C:\Windows\system32\rundll32.exe
Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0771e6ac39be48e4d98237e020037ac6fa934433b9cedf4d2939a31c861f843.dll,#1
PID: 2776
Signature: Suspicious use of WriteProcessMemory
Level 2 (child of PID 2776): C:\Windows\SysWOW64\rundll32.exe
Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0771e6ac39be48e4d98237e020037ac6fa934433b9cedf4d2939a31c861f843.dll,#1
PID: 3356
Signature: Suspicious behavior: RenamesItself