Analysis
max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted
30/12/2023, 04:16
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
0e25134ee791ef4263c537e1e38142dd.dll
Resource
win7-20231215-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
0e25134ee791ef4263c537e1e38142dd.dll
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
Target
0e25134ee791ef4263c537e1e38142dd.dll
Size
84KB
MD5
0e25134ee791ef4263c537e1e38142dd
SHA1
f206a9d1168dbe75aa40f5d6dc99f0cd4e84ad78
SHA256
2e37e20ccdf1fdfc74658f7c363744bb5c1630fd6eb3dde204e08c8a40e1ecfd
SHA512
639f6f262e4427c6bc4f8efa90f86ffc0f3cada8d54d0754963a07484750da8d3d73addde9330a6c10f286fc18a1530c33340ae4dc5ac07c5782110c3f88dbfe
SSDEEP
1536:yAoAi/L4HpuH1uKN9Y80XA9pcdK4pbN6T+w8:4Ai/LOpy1uKXY8AA9qQ4pbNt
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 596 wrote to memory of 696 | 596 | rundll32.exe | 88
PID 596 wrote to memory of 696 | 596 | rundll32.exe | 88
PID 596 wrote to memory of 696 | 596 | rundll32.exe | 88
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e25134ee791ef4263c537e1e38142dd.dll,#1
- Suspicious use of WriteProcessMemory
PID:596
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e25134ee791ef4263c537e1e38142dd.dll,#1
  PID:696