Analysis

max time kernel: 146s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/12/2023, 22:22
Behavioral task: behavioral1
Sample: 7278b90de49b24876bdc928a87527c40689e90ddf0f7c512a9a33e701781b5f5.dll
Resource: win7-20231129-en

Behavioral task: behavioral2
Sample: 7278b90de49b24876bdc928a87527c40689e90ddf0f7c512a9a33e701781b5f5.dll
Resource: win10v2004-20231215-en
General

Target: 7278b90de49b24876bdc928a87527c40689e90ddf0f7c512a9a33e701781b5f5.dll
Size: 899KB
MD5: d76178ff94ea5e1e16b42adba63ff3d4
SHA1: 89eac130400dbcd902a81c8d202a4cb4603e5e25
SHA256: 7278b90de49b24876bdc928a87527c40689e90ddf0f7c512a9a33e701781b5f5
SHA512: 1a515f45df00557ca43b81d90211b5b51ccaf15152f3cc1eafa21940ff01767ac840835b89fbce22462609eb9c142a4817e4f8a54578426b68d12bffdb214496
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX1:7wqd87V1
Malware Config
Signatures

Suspicious behavior: RenamesItself (1 IoC)
  pid 1456, process rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 880 wrote to memory of 1456; process rundll32.exe; procid_target 67
  description: PID 880 wrote to memory of 1456; process rundll32.exe; procid_target 67
  description: PID 880 wrote to memory of 1456; process rundll32.exe; procid_target 67
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7278b90de49b24876bdc928a87527c40689e90ddf0f7c512a9a33e701781b5f5.dll,#1
  PID: 880
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe (child of PID 880)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7278b90de49b24876bdc928a87527c40689e90ddf0f7c512a9a33e701781b5f5.dll,#1
    PID: 1456
    - Suspicious behavior: RenamesItself