Analysis
max time kernel: 148s
max time network: 143s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/01/2024, 12:44
Static task static1
1 signatures

Behavioral task behavioral1
Sample: 40e4c083da257bb7c0bc04f7eeef4299.dll
Resource: win7-20231215-en
4 signatures
150 seconds

Behavioral task behavioral2
Sample: 40e4c083da257bb7c0bc04f7eeef4299.dll
Resource: win10v2004-20231222-en
1 signatures
150 seconds
General
Target: 40e4c083da257bb7c0bc04f7eeef4299.dll
Size: 120KB
MD5: 40e4c083da257bb7c0bc04f7eeef4299
SHA1: 16426053b1ad93fa3832b4f083f1bbce8d172992
SHA256: 40467bf55d34e7d3b57b18729154072ef2c310446a9814f82533ec004fc9be8d
SHA512: 65bcf4d25a0fd984303538ad1a8cdff0f096ab0cfc14e54e4419fa78cc2e1b56b980b8cca55cc63d6b6db97221345d7833519dc1e770a89f05276faf202542e9
SSDEEP: 3072:DJq8LGgTkFZ2wn/nVwpuqmWa8b8+vnCwjxZ/tC:D4EdkFoePVxua23nfjPtC
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 3888 wrote to memory of 5076 | 3888 | rundll32.exe | 50
PID 3888 wrote to memory of 5076 | 3888 | rundll32.exe | 50
PID 3888 wrote to memory of 5076 | 3888 | rundll32.exe | 50
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e4c083da257bb7c0bc04f7eeef4299.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 3888
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40e4c083da257bb7c0bc04f7eeef4299.dll,#12
  PID: 5076