Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
93s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system -
submitted
26/12/2023, 11:28
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6ac6ecbd731267154575a9910e424da0.dll
Resource
win7-20231129-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
6ac6ecbd731267154575a9910e424da0.dll
Resource
win10v2004-20231222-en
1 signatures
150 seconds
General
-
Target
6ac6ecbd731267154575a9910e424da0.dll
-
Size
32KB
-
MD5
6ac6ecbd731267154575a9910e424da0
-
SHA1
70b4df8ca2154b3c8d93bd616c6371defc237bc8
-
SHA256
490f38ac362203ab439c2ad0008d20ccad50181a6160c6bfbeffa9f83b102f2a
-
SHA512
faf75448caa5dcf082c6eb4232b7ef935ef76973e8450b02843179e4377d9622652b5c53c85151bb33ac97762e05ea87e4b7e47752aac111eb3ce5ee15fe14bf
-
SSDEEP
768:Ft+NP27D6a8deklv/LT7PlhXlK9VfShVfLRBQ2zq:Ft+p272es/7PlhVK3aHDR6
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1624 wrote to memory of 1088 1624 rundll32.exe 86 PID 1624 wrote to memory of 1088 1624 rundll32.exe 86 PID 1624 wrote to memory of 1088 1624 rundll32.exe 86
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac6ecbd731267154575a9910e424da0.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1624 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6ac6ecbd731267154575a9910e424da0.dll,#12⤵PID:1088
-