Resubmissions

10/03/2024, 09:40

240310-lnnklshh9t 5

10/03/2024, 09:34

240310-lj5y4ahh2x 10

Analysis

  • max time kernel
    147s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system
  • submitted
    10/03/2024, 09:34

General

  • Target

    App.Setap/locale/af/LC_MESSAGES/plugins/access/libfilesystem_plugin.dll

  • Size

    59KB

  • MD5

    8fac15d2a2da66abdf345afa45ac5e3b

  • SHA1

    553d4c9f39726d8aadb15fed7c904048928049e0

  • SHA256

    66ef741a9282b420b09b940fbdbf666cd1625a8da18daaece036fcc4e1a74d38

  • SHA512

    f756e3b3368245d4670cf0f86a6727858e3ead983b3e10c11d9b13e67d86b632703f44df70e648bb8edcad295744c763a268f4eb02ace0055405c3e9af124548

  • SSDEEP

    768:D2y9ohNIged8Yy0NBdeOWxRPxYoWE487KcxN5ZEUUaDGFheDGFhW:D2yyhkKYloRPuEUcxHZEUUe

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\App.Setap\locale\af\LC_MESSAGES\plugins\access\libfilesystem_plugin.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\App.Setap\locale\af\LC_MESSAGES\plugins\access\libfilesystem_plugin.dll,#1
      PID:4600

    Network

    MITRE ATT&CK Matrix
