Analysis
- max time kernel: 137s
- max time network: 167s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/12/2023, 21:51
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 3e5e7a9eb79fcf47b89ae19c5a1c0eaa.dll
- Resource: win7-20231129-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 3e5e7a9eb79fcf47b89ae19c5a1c0eaa.dll
- Resource: win10v2004-20231215-en
- 1 signatures
- 150 seconds
General
- Target: 3e5e7a9eb79fcf47b89ae19c5a1c0eaa.dll
- Size: 112KB
- MD5: 3e5e7a9eb79fcf47b89ae19c5a1c0eaa
- SHA1: 35effd49cd9fbb3d91dee83de1595200f34d186b
- SHA256: dbf7d84621d732ea4889e79534a7a93ff3db8019067f27a5313ddd368b9d9ede
- SHA512: 19518c2290d0d8cdc0f636020ba6f799bf5651cb72820e588cf0cc8b55a7a222689d8a6fd20c0b9f877c1bc08d6b486394e5108199147f02bebe4931c7953ce8
- SSDEEP: 1536:tOUxwi34FuLdtNdm2CUZSHEiA7Suk6e9yGzc6iltguGwZTsUGAx2O7ZGrDqCRKC:V3PMlZqtgpwZmAx2O7ZGPVRX
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  - description: PID 4424 wrote to memory of 448; pid: 4424; Process: rundll32.exe; procid_target: 91
  - description: PID 4424 wrote to memory of 448; pid: 4424; Process: rundll32.exe; procid_target: 91
  - description: PID 4424 wrote to memory of 448; pid: 4424; Process: rundll32.exe; procid_target: 91
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e5e7a9eb79fcf47b89ae19c5a1c0eaa.dll,#1
  PID: 4424
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3e5e7a9eb79fcf47b89ae19c5a1c0eaa.dll,#1
    PID: 448