Analysis
max time kernel: 142s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20/02/2024, 15:08
Behavioral tasks
behavioral1: sample 0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll, resource win7-20240215-en
behavioral2: sample 0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll, resource win10v2004-20231215-en
The analysis details, signatures and process tree on this page are from behavioral2 (resource win10v2004-20231215-en, the Windows 10 2004 x64 image).
General
Target: 0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll
Size: 899KB
MD5: 433b6279e960f8d42b880063416aa009
SHA1: b72ba9030006843a3546e58ce1ca9d862618fc44
SHA256: 0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990
SHA512: 38f9baf4c9e9938bdee9e064a6ce98a02bb58ae8e9afeb760ec973efba52f20c2fd792995c33efbabeff147ec2a7a89dc358cfa95bd168db56bec57e23cc21dd
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXV:7wqd87VV
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoC)
  pid   process
  4864  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   process       procid_target
  PID 4300 wrote to memory of 4864  4300  rundll32.exe  84
  (the same row is reported three times)
Processes
1. C:\Windows\system32\rundll32.exe (PID 4300)
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll,#1
   signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (PID 4864), child of PID 4300
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll,#1
      signatures: Suspicious behavior: RenamesItself
Notes on the tree: the sandbox launched the sample with the 64-bit rundll32.exe from system32, calling export ordinal 1 (",#1"). That process re-launched the identical command line through SysWOW64\rundll32.exe, which is what rundll32 does when the DLL it is asked to load is 32-bit; this matches the arch:x86 resource tag. The only memory writes recorded are from that 64-bit parent into its own 32-bit child (PID 4300 to PID 4864), which is the pattern produced by ordinary process start-up rather than by injection into an unrelated process, so the WriteProcessMemory signature on its own is weak evidence here. The RenamesItself signature is attached to the SysWOW64 child, i.e. to the process in which the DLL's code actually ran.
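The two observations that matter in this report, a Temp-directory DLL loaded by ordinal and a 64-bit rundll32 re-hosting it in SysWOW64, are easy to turn into detection logic. The following Python is an added example and is not code from tria.ge or from the sample: it runs over a constructed list of process-creation events modelled on the tree above (the PIDs, image paths and command lines are the report's; the dict layout, the parent PID 1000 and the benign control event are assumptions) and over the report's three identical WriteProcessMemory rows, and it keeps only memory writes whose target is not the writer's own child.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# --- Constructed sample data, modelled on the Triage report above -----------
# PIDs, image paths and command lines are taken from the report. The dict
# layout, the sandbox parent PID 1000 and the benign control are assumptions.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll")

PROCESS_EVENTS = [
    {"pid": 4300, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 4864, "ppid": 4300, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    # Benign control (constructed): rundll32 loading a system DLL by export name.
    {"pid": 5000, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

# The report's three identical "PID 4300 wrote to memory of 4864" rows.
WPM_EVENTS = [(4300, 4864), (4300, 4864), (4300, 4864)]

RUNDLL32_IMAGE = re.compile(r"\\(system32|syswow64)\\rundll32\.exe$", re.I)
# "<dll>,#<n>": a DLL under a per-user Temp directory invoked by export ordinal.
TEMP_DLL_ORDINAL = re.compile(
    r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\[^\s,]+\.dll,#\d+", re.I)


def is_rundll32(event: dict) -> bool:
    return bool(RUNDLL32_IMAGE.search(event["image"]))


def dll_argument(cmdline: str) -> str:
    """Return the '<dll>,<entry>' argument that follows the rundll32.exe token."""
    parts = cmdline.split(None, 1)
    return parts[1] if len(parts) > 1 else ""


def temp_dll_by_ordinal(events: Iterable[dict]) -> List[int]:
    """PIDs of rundll32 processes loading a Temp-directory DLL by ordinal."""
    return [e["pid"] for e in events
            if is_rundll32(e) and TEMP_DLL_ORDINAL.search(e["cmdline"])]


def wow64_rehost(events: Iterable[dict]) -> List[Tuple[int, int]]:
    """(parent, child) pairs where a system32 rundll32 re-launches the same
    DLL argument through SysWOW64\\rundll32.exe, i.e. the DLL is 32-bit."""
    events = list(events)
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if (parent is not None and is_rundll32(parent) and is_rundll32(e)
                and "\\syswow64\\" in e["image"].lower()
                and "\\system32\\" in parent["image"].lower()
                and dll_argument(e["cmdline"]) == dll_argument(parent["cmdline"])):
            hits.append((parent["pid"], e["pid"]))
    return hits


def foreign_memory_writes(events: Iterable[dict],
                          wpm: Iterable[Tuple[int, int]]) -> Dict[Tuple[int, int], int]:
    """Collapse duplicate WriteProcessMemory rows and keep only writes whose
    target is NOT a direct child of the writer. A parent writing into the child
    it has just created is expected during process start-up and is dropped."""
    ppid = {e["pid"]: e["ppid"] for e in events}
    counts = Counter(wpm)
    return {(src, dst): n for (src, dst), n in counts.items() if ppid.get(dst) != src}


if __name__ == "__main__":
    print("Temp DLL loaded by ordinal:", temp_dll_by_ordinal(PROCESS_EVENTS))
    print("WoW64 re-host pairs:", wow64_rehost(PROCESS_EVENTS))
    print("Writes into non-child processes:", foreign_memory_writes(PROCESS_EVENTS, WPM_EVENTS))
```

On the constructed events this flags PIDs 4300 and 4864 for the Temp-directory ordinal load, reports (4300, 4864) as the WoW64 re-host pair, and returns no foreign memory writes, because the only target, 4864, is the writer's own child; the benign shell32.dll control trips none of the checks.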