Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
155s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
14/03/2024, 18:27
General
-
Target
c94e50739018f558c5deee2b1c0500fe.dll
-
Size
216KB
-
MD5
c94e50739018f558c5deee2b1c0500fe
-
SHA1
42ac57071dd3ab5604bc4f4b9fb9498c326d0bf2
-
SHA256
39a2cedcde9c9d58ac7d408109414efbaf6a2ae76cdfd0e2f43298698762c55b
-
SHA512
14a603e35e389a36b35d8dbc439d4e1dac27fa0ae6aa88f0608ac1e1356cce15f08fa71bc2569d4e6749811bf9d2396be3acd2996be8b28d7b5dfbba89f3bd87
-
SSDEEP
384:BTW3UoNAgloeECwx7WkHrEOBRQOkbdLhzWXIE1vaI9FOP4cK:BvnLBYOkbdLd6vaI9Fz
Score
7/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c94e50739018f558c5deee2b1c0500fe.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c94e50739018f558c5deee2b1c0500fe.dll,#12⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB