Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 05/01/2024, 22:50
Behavioral task: behavioral1
Sample: f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll
Resource: win10v2004-20231215-en
General
Target: f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll
Size: 51KB
MD5: 92f91ad431461b938ada8d26fbe706e2
SHA1: 727654cd7861792cb8589f8ac024279270d2cff6
SHA256: f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f
SHA512: 1c483eecbf8bf805243037e38c934ea5bc79d73bc2eab9e95226f55f6e9b286faba3b7281515e89e17e3bde0dc9510351452d48824739f5e94b8bdc6d58ed0d2
SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLdJYH5:1dWubF3n9S91BF3fboJJYH5
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoC)
pid   Process
4480  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 4032 wrote to memory of 4480  4032  rundll32.exe  14
PID 4032 wrote to memory of 4480  4032  rundll32.exe  14
PID 4032 wrote to memory of 4480  4032  rundll32.exe  14
Processes
C:\Windows\SysWOW64\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll,#11
  PID: 4480
  Suspicious behavior: RenamesItself

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f49f0cdbddaf0ba5cbbf2382954f6dc648e38ba329cc8fe7b01f25c29975278f.dll,#11
  PID: 4032
  Suspicious use of WriteProcessMemory