Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 30/12/2023, 23:31
Static task
- static1: 1 signatures
Behavioral task
- behavioral1: Sample 20134ad02ae986d2586c62a80a3ff416.dll, Resource win7-20231215-en, 3 signatures, 150 seconds
- behavioral2: Sample 20134ad02ae986d2586c62a80a3ff416.dll, Resource win10v2004-20231215-en, 3 signatures, 150 seconds
General
- Target: 20134ad02ae986d2586c62a80a3ff416.dll
- Size: 28KB
- MD5: 20134ad02ae986d2586c62a80a3ff416
- SHA1: bda3e3a95a80d327e3e286a8ae2ca1b9903c9977
- SHA256: aae403394d995ef3dbe0ef757722696e1a10e62311ccb6e6dbeb35cac629d259
- SHA512: 85bd1a884e3ce6bcb3d66c0ffc5c62f44557028b07da2ebd9b4de612b68170aebc372e219194dabc04089d252ad283074c9f4567c271899b4e31a576a31828b8
- SSDEEP: 768:3HZITUOwXQDiWjDOKbWsA8cgeIR4Rv9ce5bZjG:3HyoOwguiyKbfVemWvi
Score
1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses, 2 IoCs
  pid | Process
  5048 | rundll32.exe
  5048 | rundll32.exe
- Suspicious use of SetWindowsHookEx, 1 IoCs
  pid | Process
  5048 | rundll32.exe
- Suspicious use of WriteProcessMemory, 3 IoCs
  description | pid | Process | procid_target
  PID 4960 wrote to memory of 5048 | 4960 | rundll32.exe | 16
  PID 4960 wrote to memory of 5048 | 4960 | rundll32.exe | 16
  PID 4960 wrote to memory of 5048 | 4960 | rundll32.exe | 16
Processes
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20134ad02ae986d2586c62a80a3ff416.dll,#11
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID: 5048
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20134ad02ae986d2586c62a80a3ff416.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 4960