Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/01/2024, 14:09

General

  • Target

    86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556.dll

  • Size

    397KB

  • MD5

    6a8e1f369f7f30b5e90d344e22cf422c

  • SHA1

    f9aea0807c08f863c761601af5b097ecad67b2ef

  • SHA256

    86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556

  • SHA512

    f5963a1e47b2de126140e59dc91fb839ff79a9d30d15f89b65ef2e3aab9ead434318ad9abd85abb28511b2806a73b88837b3b66d089f8edb91c68169c5673b45

  • SSDEEP

    6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaO:174g2LDeiPDImOkx2LIaO

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556.dll,#1
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4900

Network

MITRE ATT&CK Matrix
