Analysis
max time kernel: 142s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/02/2024, 14:36
Static task: static1
Behavioral task: behavioral1
  Sample: d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll
  Resource: win7-20231215-en
Behavioral task: behavioral2
  Sample: d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll
  Resource: win10v2004-20231215-en
General
Target: d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll
Size: 397KB
MD5: 23c0b8d376cbdbaed347d96f69b34757
SHA1: 5d4ad15e6879f6637cfe289c40390c5fb329413b
SHA256: d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362
SHA512: 1dbfde8afc2ddca8d5d2e51e7152b1ce9420eec8a6e11566fd0f2915dde944af1536ef2f979fc925601b74e8702a130b12e9c885360d68bad8fe6bcdf60c1d68
SSDEEP: 6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaV:174g2LDeiPDImOkx2LIaV
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  4620  rundll32.exe
  4620  rundll32.exe
  4620  rundll32.exe
  4620  rundll32.exe
  4620  rundll32.exe
  4620  rundll32.exe
  4620  rundll32.exe
  4620  rundll32.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  4620  rundll32.exe
  Token: SeTcbPrivilege    4620  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process       procid_target
  PID 3100 wrote to memory of 4620   3100  rundll32.exe  84
  PID 3100 wrote to memory of 4620   3100  rundll32.exe  84
  PID 3100 wrote to memory of 4620   3100  rundll32.exe  84
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll,#1
   PID: 3100
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 3100)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll,#1
      PID: 4620
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken