Analysis
- max time kernel: 151s
- max time network: 173s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/12/2023, 07:13
Behavioral task: behavioral1
- Sample: 0deee029f319e90c1674a1f1f2f3effd.dll
- Resource: win7-20231215-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 0deee029f319e90c1674a1f1f2f3effd.dll
- Resource: win10v2004-20231215-en
- 2 signatures
- 150 seconds
General
- Target: 0deee029f319e90c1674a1f1f2f3effd.dll
- Size: 60KB
- MD5: 0deee029f319e90c1674a1f1f2f3effd
- SHA1: 338a4bc617f23f02c632a399af426a0da3f09b63
- SHA256: bd2981c606f836bdfb99e810bbc2175094e23f9febd2e15834f5649501dccffc
- SHA512: 98688f4a8ce394696ca0b714d74c92be784b77c26a17d9b90551879f9d81d08a4dc2609f6bb153ec01a70c7b7d894f91da7186fcbe373bef989427b6a9c26828
- SSDEEP: 1536:PSbdSCMSJq5bXgfKZMsC0MQUEN+EVM/QAU+1:6dhqpXpZMsCHaN+yE1
Score
7/10
Malware Config
Signatures
- resource: behavioral2/memory/4844-0-0x0000000010000000-0x000000001000F000-memory.dmp
  yara_rule: upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  - description: PID 2068 wrote to memory of 4844; pid: 2068; Process: rundll32.exe; procid_target: 88
  - description: PID 2068 wrote to memory of 4844; pid: 2068; Process: rundll32.exe; procid_target: 88
  - description: PID 2068 wrote to memory of 4844; pid: 2068; Process: rundll32.exe; procid_target: 88
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deee029f319e90c1674a1f1f2f3effd.dll,#1
  PID: 2068
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deee029f319e90c1674a1f1f2f3effd.dll,#1
    PID: 4844