Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
141s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
13/01/2024, 12:50
General
-
Target
38d3f0dc4a3730cdf971ef4aba264f3951870c113123d54aeb19c7df6d4f9aae.dll
-
Size
397KB
-
MD5
12a287e9731be4bc7b67001e33654799
-
SHA1
3074d4786005aa02b919457338ac9921594ca3bb
-
SHA256
38d3f0dc4a3730cdf971ef4aba264f3951870c113123d54aeb19c7df6d4f9aae
-
SHA512
e13116e3e4206b8bd056b7cad63da5ec44721c97162795faac6a74bc3c721a547d1687204ec41d674e7afb364a6ac2b4e036356f757167c60d286f4b61099173
-
SSDEEP
6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOar:174g2LDeiPDImOkx2LIar
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Unexpected DNS network traffic destination 2 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\38d3f0dc4a3730cdf971ef4aba264f3951870c113123d54aeb19c7df6d4f9aae.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\38d3f0dc4a3730cdf971ef4aba264f3951870c113123d54aeb19c7df6d4f9aae.dll,#12⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-