Analysis
  max time kernel: 190s
  max time network: 203s
  platform: windows10-2004_x64
  resource: win10v2004-20231215-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 25/12/2023, 19:35
Behavioral task: behavioral1
  Sample: 696ceab23336b1a094e710af8c06e7161cc858c26b3293250487cf3c177870e8.dll
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: 696ceab23336b1a094e710af8c06e7161cc858c26b3293250487cf3c177870e8.dll
  Resource: win10v2004-20231215-en
General
  Target: 696ceab23336b1a094e710af8c06e7161cc858c26b3293250487cf3c177870e8.dll
  Size: 899KB
  MD5: 5cf872bc7fe69e1b80b143d4d792e5f6
  SHA1: b21a45f078c3209528c7ce7d756589ade738d948
  SHA256: 696ceab23336b1a094e710af8c06e7161cc858c26b3293250487cf3c177870e8
  SHA512: fdd80280de773df0433a43461b60bb796fa20194203fb8f7c18bb99409dc236159bc8ff8d5517067bfb8b83a0f8f5ce6454b348e0836cb75726a395003b427ba
  SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXK:7wqd87VK
Malware Config
Signatures
  Suspicious behavior: RenamesItself (1 IoC)
    pid   Process
    2556  rundll32.exe
  Suspicious use of WriteProcessMemory (3 IoCs)
    description                       pid   Process       procid_target
    PID 4508 wrote to memory of 2556  4508  rundll32.exe  89
    PID 4508 wrote to memory of 2556  4508  rundll32.exe  89
    PID 4508 wrote to memory of 2556  4508  rundll32.exe  89
Processes
  C:\Windows\system32\rundll32.exe (PID 4508)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\696ceab23336b1a094e710af8c06e7161cc858c26b3293250487cf3c177870e8.dll,#1
    Signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (PID 2556)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\696ceab23336b1a094e710af8c06e7161cc858c26b3293250487cf3c177870e8.dll,#1
      Signatures: Suspicious behavior: RenamesItself