Analysis
max time kernel: 118s
max time network: 160s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/12/2023, 15:13
Static task: static1
1 signatures
Behavioral task: behavioral1
Sample: 033fafa9a3dcb8de5a349d05784fa70f.dll
Resource: win7-20231215-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: 033fafa9a3dcb8de5a349d05784fa70f.dll
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 033fafa9a3dcb8de5a349d05784fa70f.dll
Size: 3KB
MD5: 033fafa9a3dcb8de5a349d05784fa70f
SHA1: 2611a8502d0e295f7c30f549e5381945072066ee
SHA256: 29ff4db31c821189775f54d3b0ff8c2ecc29535c39b8ee9a6f765a114e8631dc
SHA512: 5dc3ecb5c7ed716520e453d25ddd2a0a28b14414a3e02edd5a51cbdb26dbc46f1a9902e78bae76b999f224a6bfa18ce4c47a3252c288a51ecc1e62a311e79e33
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 5032 wrote to memory of 3620 | 5032 | rundll32.exe | 87
PID 5032 wrote to memory of 3620 | 5032 | rundll32.exe | 87
PID 5032 wrote to memory of 3620 | 5032 | rundll32.exe | 87
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\033fafa9a3dcb8de5a349d05784fa70f.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 5032
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\033fafa9a3dcb8de5a349d05784fa70f.dll,#1
    PID: 3620