Analysis
  max time kernel: 138s
  max time network: 146s
  platform: windows10-2004_x64
  resource: win10v2004-20231215-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 18/01/2024, 18:40
Behavioral tasks
  behavioral1
    sample: 65c0616d8e26a4602bf3cb9c5a8e8a26.dll
    resource: win7-20231129-en
    3 signatures, 150 seconds
  behavioral2
    sample: 65c0616d8e26a4602bf3cb9c5a8e8a26.dll
    resource: win10v2004-20231215-en
    3 signatures, 150 seconds
General
  Target: 65c0616d8e26a4602bf3cb9c5a8e8a26.dll
  Size: 87KB
  MD5: 65c0616d8e26a4602bf3cb9c5a8e8a26
  SHA1: 887020a08ea17d11f8c1d3bf5fcc8cc0cc201e98
  SHA256: c808f19800fb64e870098457cdbb09907253cb1ee15738b036daca070bb1a249
  SHA512: 3e06111b21a590b2a7e18516c696bedfbb1e74216a100a02cfe5be5db7cc807517edd75c4099732014f6bd6a75fb8d79927f0fb913600a26dcf092b878dd19f0
  SSDEEP: 1536:vGjnzpwWb8U1Dq4jW36Oi0cu6kfRUsStAwdSiGsWuBk:ujlwG7jTOi0Z6WRUsSqwdSiGsWmk
Score
  8/10
Malware Config
Signatures
  Drops file in Drivers directory (1 IoC)
    description: File opened for modification
    ioc: C:\Windows\SysWOW64\Drivers\beep.sys
    process: rundll32.exe
    Note: the writing process is the 32-bit rundll32.exe (PID 2768, see Processes). Under WoW64 file-system redirection a 32-bit process that opens C:\Windows\System32\drivers\beep.sys is transparently redirected to the SysWOW64\Drivers path recorded here, so when pivoting to a host, check both locations.
  Suspicious behavior: LoadsDriver (1 IoC)
    pid: 664
    process: Process not Found
  Suspicious use of WriteProcessMemory (3 IoCs, three identical entries)
    description: PID 4772 wrote to memory of 2768
    pid: 4772
    process: rundll32.exe
    procid_target: 86
Processes
  C:\Windows\system32\rundll32.exe (PID 4772)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\65c0616d8e26a4602bf3cb9c5a8e8a26.dll,#1
    - Suspicious use of WriteProcessMemory
    └ C:\Windows\SysWOW64\rundll32.exe (PID 2768)
        command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\65c0616d8e26a4602bf3cb9c5a8e8a26.dll,#1
        - Drops file in Drivers directory
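The "Drops file in Drivers directory" and "WriteProcessMemory" signatures above, together with the 64-bit to 32-bit rundll32.exe hand-off in the process tree, can be turned into a check that runs over endpoint telemetry. The script below is an added example written for this page; it is not tria.ge's own detection logic. The event records are constructed to mirror the report (Sysmon-style field names such as Image, TargetFilename and GrantedAccess are used for readability; they are not captured events), the TrustedInstaller allowlist entry is an assumed benign writer, and PROCESS_VM_WRITE / PROCESS_VM_OPERATION are the documented Win32 process access-right constants.

```python
import re

# Constructed records mirroring the report above (not captured telemetry).
# EventId 1 = process create, 10 = process access, 11 = file create/modify.
EVENTS = [
    {"EventId": 1, "ProcessId": 4772, "ParentProcessId": 1000,
     "Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\65c0616d8e26a4602bf3cb9c5a8e8a26.dll,#1"},
    {"EventId": 1, "ProcessId": 2768, "ParentProcessId": 4772,
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\65c0616d8e26a4602bf3cb9c5a8e8a26.dll,#1"},
    {"EventId": 10, "SourceProcessId": 4772, "TargetProcessId": 2768,
     "SourceImage": r"C:\Windows\system32\rundll32.exe",
     "TargetImage": r"C:\Windows\SysWOW64\rundll32.exe",
     "GrantedAccess": 0x1FFFFF},  # constructed: PROCESS_ALL_ACCESS
    {"EventId": 11, "ProcessId": 2768, "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "TargetFilename": r"C:\Windows\SysWOW64\Drivers\beep.sys"},
    # Constructed benign noise: Windows servicing replacing a driver.
    {"EventId": 11, "ProcessId": 900, "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": r"C:\Windows\System32\drivers\beep.sys"},
]

# The driver directory as seen through all three names WoW64 exposes for it.
DRIVER_DIR_RE = re.compile(
    r"^(?P<root>[A-Za-z]:\\Windows)\\(?P<dir>System32|SysWOW64|Sysnative)\\drivers\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Documented Win32 process access rights needed for WriteProcessMemory.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
WRITE_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Assumed benign writers to the driver directory (assumption, tune per estate).
ALLOWLIST = (r"C:\Windows\servicing\TrustedInstaller.exe",)


def driver_dir_writes(events, allowlist=ALLOWLIST):
    """File events whose target lands in a kernel-driver directory, excluding
    allow-listed writers. Returns (pid, image, path) tuples."""
    allowed = {a.lower() for a in allowlist}
    hits = []
    for ev in events:
        if ev.get("EventId") != 11:
            continue
        if DRIVER_DIR_RE.match(ev["TargetFilename"]) and ev["Image"].lower() not in allowed:
            hits.append((ev["ProcessId"], ev["Image"], ev["TargetFilename"]))
    return hits


def host_paths_to_check(recorded_path):
    """A 32-bit process asking for System32\\drivers is redirected to
    SysWOW64\\drivers, so a sandbox path may be either spelling of the same
    intent. Return both so host triage covers each location."""
    m = DRIVER_DIR_RE.match(recorded_path)
    if not m:
        return [recorded_path]
    root, name = m.group("root"), m.group("name")
    return [rf"{root}\System32\drivers\{name}", rf"{root}\SysWOW64\drivers\{name}"]


def is_wow64_image(image):
    return "\\syswow64\\" in image.lower()


def cross_process_writes(events):
    """Process-access events granting memory-write rights, annotated with
    whether the source spawned the target and whether the access crosses the
    64-bit/32-bit boundary (the rundll32 -> SysWOW64\\rundll32 pattern above)."""
    parent_of = {ev["ProcessId"]: ev["ParentProcessId"] for ev in events if ev.get("EventId") == 1}
    hits = []
    for ev in events:
        if ev.get("EventId") != 10 or (ev["GrantedAccess"] & WRITE_RIGHTS) == 0:
            continue
        src, tgt = ev["SourceProcessId"], ev["TargetProcessId"]
        hits.append({
            "source": src,
            "target": tgt,
            "spawned_target": parent_of.get(tgt) == src,
            "arch_switch": is_wow64_image(ev["SourceImage"]) != is_wow64_image(ev["TargetImage"]),
        })
    return hits


def triage(events):
    """Run both checks and return the findings keyed by signature name."""
    return {
        "driver_dir_writes": driver_dir_writes(events),
        "cross_process_writes": cross_process_writes(events),
    }


if __name__ == "__main__":
    for name, findings in triage(EVENTS).items():
        print(name, findings)
    print(host_paths_to_check(r"C:\Windows\SysWOW64\Drivers\beep.sys"))
```

On the constructed records this flags the rundll32.exe write to beep.sys (the TrustedInstaller write is suppressed by the allowlist) and one memory-write access in which the source both spawned the target and switched architecture, which is the same shape as the report's WriteProcessMemory rows.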