Analysis
max time kernel: 147s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 22:01
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 0510c72433f54e7282eec0c8c66eb2ae.dll
Resource: win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample: 0510c72433f54e7282eec0c8c66eb2ae.dll
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 0510c72433f54e7282eec0c8c66eb2ae.dll
Size: 30KB
MD5: 0510c72433f54e7282eec0c8c66eb2ae
SHA1: 457cce38ce447dd6c9d01c64097641c97ae6d354
SHA256: e2df1466fd071bbada70e77fccff0777c45d2e59553bd8b13bb753e7970ae5e3
SHA512: 731dcf5e5187ef4b9ae9035490a18926976e65939dca70ade277b1ef8f96a56cd271a0ed0e9877cad09cca5e0c3c564c4d432fc632119f4a3bba20a4285a7a73
SSDEEP: 768:H5JXld4eF4fShHVq2hcLDhF3jLyY7cTGgsMP:HTX3FR1v6vhlgvsMP
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 5076 wrote to memory of 4756 | 5076 | rundll32.exe | 19
PID 5076 wrote to memory of 4756 | 5076 | rundll32.exe | 19
PID 5076 wrote to memory of 4756 | 5076 | rundll32.exe | 19
Processes
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0510c72433f54e7282eec0c8c66eb2ae.dll,#11
PID:4756
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0510c72433f54e7282eec0c8c66eb2ae.dll,#11
- Suspicious use of WriteProcessMemory
PID:5076