Analysis
max time kernel: 448s
max time network: 451s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/03/2024, 12:21
Static task: static1
Behavioral task | Sample | Resource
behavioral1 | E85429C854299A78/USB Driver.exe | win10v2004-20240226-en
behavioral2 | E85429C854299A78/version.dll | win10v2004-20231215-en
behavioral3 | E85429C854299A78/////Candidates Personal Information Form.pdf | win10v2004-20240226-en
behavioral4 | E85429C854299A78/////Gmail - IFIC Bank_ Computer Proficiency Test Schedule.pdf | win10v2004-20240226-en
behavioral5 | E85429C854299A78/////MSBuild.exe | win10v2004-20240226-en
behavioral6 | E85429C854299A78/////WINWORD.exe | win10v2004-20240226-en
behavioral7 | E85429C854299A78/////version.dll | win10v2004-20240226-en
General
Target: E85429C854299A78/version.dll
Size: 987KB
MD5: b9e2656b72ad923f231d12876a8a5640
SHA1: e7da8cd7c76c4d333a912b574ebce447a972e7c6
SHA256: 07d03f080a1f318b5125f5551a700ad209825907cce291b2c241b49b17d502ac
SHA512: 73029b3299dcbe03bbf70fea2e77cf3b770728e0b52ead951dfa6e83dda30f3dfe5d97b36f8694af6ddf40bddf4f3e349a69af694055482cb8e928d1471e88f9
SSDEEP: 12288:9mzy52sk14W7fnumkiipuuDx6h0QrH6s6iEN6GGvulmc3Mk:qsk14W7dP7H6s6iEMr
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2032 wrote to memory of 1568 | 2032 | rundll32.exe | 85
PID 2032 wrote to memory of 1568 | 2032 | rundll32.exe | 85
PID 2032 wrote to memory of 1568 | 2032 | rundll32.exe | 85
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\E85429C854299A78\version.dll,#1
  PID: 2032
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\E85429C854299A78\version.dll,#1
    PID: 1568