Analysis
- max time kernel: 144s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 06/01/2024, 22:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4744d5674ada2f9127d798c8e2c20ab4.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4744d5674ada2f9127d798c8e2c20ab4.dll
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
- Target: 4744d5674ada2f9127d798c8e2c20ab4.dll
- Size: 34KB
- MD5: 4744d5674ada2f9127d798c8e2c20ab4
- SHA1: 9fdafdca842dc0560d491a15f9e2115626491336
- SHA256: 518b519ba346b00e24ad1369ab48649633ecc767658015a79d31733d62b832b0
- SHA512: 87defe7dc87359ce196129804418caa6d4ad6bf929586164aac9f9fe469d5d0c11795a390997a65192219bdec839b02b1a6abbbc17d8b2f7af063180719c71cc
- SSDEEP: 768:emgovWiIps/FV+TlW429WjFr3IM27/QqGZDlOiOMdCR4Pr:/govWiIpVsWJrYf7/DGZd3CR4z
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2932 wrote to memory of 624 | 2932 | rundll32.exe | 28
  PID 2932 wrote to memory of 624 | 2932 | rundll32.exe | 28
  PID 2932 wrote to memory of 624 | 2932 | rundll32.exe | 28
Processes
- 1: C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4744d5674ada2f9127d798c8e2c20ab4.dll,#1
  PID: 2932
  - Suspicious use of WriteProcessMemory
  - 2: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\4744d5674ada2f9127d798c8e2c20ab4.dll,#1
    PID: 624