Analysis
  max time kernel:  91s
  max time network: 151s
  platform:         windows10-2004_x64
  resource:         win10v2004-20231215-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        12/02/2024, 06:26
Behavioral task: behavioral1
  Sample:   967d0941159c9983c56a9223e2eec543.dll
  Resource: win7-20231215-en
  4 signatures
  150 seconds
General
  Target: 967d0941159c9983c56a9223e2eec543.dll
  Size:   27KB
  MD5:    967d0941159c9983c56a9223e2eec543
  SHA1:   0f2cbe86cf6fd3c798054711a3f109f3bac71af1
  SHA256: 23175922758d8cf9cdd2a44759251ef148c7594b23fcd17de93bba8a660661fd
  SHA512: 039b6823379dedb1615944fae7aa691d5f660cf9afb91550dc9f90fc0254aa438143bbe70b912607b23d7400024d2221622751670daf72a4264f5dd86b1797d2
  SSDEEP: 768:rFDAYMNBrQFJzbuZOIbAnaUjW9+A+Ynfz:JLsdYbgOTn9FA+07
Malware Config
Signatures
  Detect Blackmoon payload (1 IoCs)
    resource                                                                    yara_rule
    behavioral2/memory/612-0-0x0000000010000000-0x000000001002E000-memory.dmp  family_blackmoon
    behavioral2/memory/612-0-0x0000000010000000-0x000000001002E000-memory.dmp  upx

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                      pid   Process       procid_target
    PID 4164 wrote to memory of 612  4164  rundll32.exe  83
    PID 4164 wrote to memory of 612  4164  rundll32.exe  83
    PID 4164 wrote to memory of 612  4164  rundll32.exe  83
Processes
  C:\Windows\system32\rundll32.exe  (PID: 4164)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\967d0941159c9983c56a9223e2eec543.dll,#1
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe  (PID: 612)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\967d0941159c9983c56a9223e2eec543.dll,#1