Analysis
  max time kernel:   164s
  max time network:  176s
  platform:          windows10-2004_x64
  resource:          win10v2004-20231215-en
  resource tags:     arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted:         30/12/2023, 03:23
Behavioral task: behavioral1
  Sample:    0cd7f40a1519f7228157f4b71b24acd9.dll
  Resource:  win7-20231129-en
  3 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:    0cd7f40a1519f7228157f4b71b24acd9.dll
  Resource:  win10v2004-20231215-en
  3 signatures, 150 seconds
General
  Target:  0cd7f40a1519f7228157f4b71b24acd9.dll
  Size:    432KB
  MD5:     0cd7f40a1519f7228157f4b71b24acd9
  SHA1:    559d65d98627df83a379e51e3b1a61ff8a5311cd
  SHA256:  e5b826256ab923b4395c8dcfe66e06bff8f395c93733127deb019f4faacca567
  SHA512:  e4e6c9b0f3f192eb14bb47a3638e7b9b7bcdcf65b4fdff20d21ecc30ff8e98a802975953c7a01461c4f7ee03b115880ce98edf3fd70d4957e8bec03e4a00f65c
  SSDEEP:  6144:SW4oPJqMOqjU0XF2idZecnl20lHRxp3gOe0M6E81xS0WcHpsFbBqt:ioRPOqjU6F3Z4mxx80MHoTAFbi

Score: 8/10
Malware Config
Signatures
  Blocklisted process makes network request (4 IoCs)
    flow  pid  Process
    50    384  rundll32.exe
    61    384  rundll32.exe
    75    384  rundll32.exe
    83    384  rundll32.exe

  Suspicious use of AdjustPrivilegeToken (1 IoC)
    description              pid  Process
    Token: SeDebugPrivilege  384  rundll32.exe

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                      pid   Process       procid_target
    PID 3028 wrote to memory of 384  3028  rundll32.exe  89
    PID 3028 wrote to memory of 384  3028  rundll32.exe  89
    PID 3028 wrote to memory of 384  3028  rundll32.exe  89
Processes
  C:\Windows\system32\rundll32.exe (PID 3028)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cd7f40a1519f7228157f4b71b24acd9.dll,#1
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe (PID 384, child of PID 3028)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cd7f40a1519f7228157f4b71b24acd9.dll,#1
      - Blocklisted process makes network request
      - Suspicious use of AdjustPrivilegeToken