Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/03/2024, 15:35
Behavioral task: behavioral1
- Sample: d5c62bb680595fbbd4b8459ba9afbccb1eadfbd95f0f29a4a759ca53defa5d4f.dll
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: d5c62bb680595fbbd4b8459ba9afbccb1eadfbd95f0f29a4a759ca53defa5d4f.dll
- Resource: win10v2004-20240226-en
General
- Target: d5c62bb680595fbbd4b8459ba9afbccb1eadfbd95f0f29a4a759ca53defa5d4f.dll
- Size: 51KB
- MD5: 3aa5940ceff32ffb8d56343f2bbfd6b1
- SHA1: 05d3908f3decec34b23c99f2141977580076f7df
- SHA256: d5c62bb680595fbbd4b8459ba9afbccb1eadfbd95f0f29a4a759ca53defa5d4f
- SHA512: 19a16af7ea8d01087735cb7003be7dfe00e753e4e59b7f1ec2dc5ccd9d013a01e1650efc0105f7b5caaf1239cce454b0a09c5f7e4d619e11aced9b327025a0ec
- SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLlJYH5:1dWubF3n9S91BF3fboRJYH5
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  4004 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2096 wrote to memory of 4004 | 2096 | rundll32.exe | 89
  PID 2096 wrote to memory of 4004 | 2096 | rundll32.exe | 89
  PID 2096 wrote to memory of 4004 | 2096 | rundll32.exe | 89
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5c62bb680595fbbd4b8459ba9afbccb1eadfbd95f0f29a4a759ca53defa5d4f.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 2096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5c62bb680595fbbd4b8459ba9afbccb1eadfbd95f0f29a4a759ca53defa5d4f.dll,#12
  - Suspicious behavior: RenamesItself
  PID: 4004