Analysis

max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16/03/2024, 06:42
Behavioral task: behavioral1
Sample: cd60f5171b2ed7bcc455e4c2ebdfa99b.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: cd60f5171b2ed7bcc455e4c2ebdfa99b.dll
Resource: win10v2004-20240226-en
General

Target: cd60f5171b2ed7bcc455e4c2ebdfa99b.dll
Size: 603KB
MD5: cd60f5171b2ed7bcc455e4c2ebdfa99b
SHA1: 75d6a261e1a63d47d8e53a71a04c4045218eff39
SHA256: 62c42417b8293127ca19da774adce9b7da27fe47b82f304131ec95e98feb9b0a
SHA512: aa9873ef157414a8adc760193109fa06e226fc6b2d9a8f47e892dcdda54a46bb87b8b23c11030930b01c498fd1335ee5c370c8701fbbd34b4e8cefc8ca064d9a
SSDEEP: 12288:IvJHtUpq1TzYI9WzOYjJNvmBwob6ViTXxsGuzyxJda2GXk/z:ytn1TzNWzOWNvS6msP8LJz
Malware Config
Signatures

Drops file in System32 directory (2 IoCs)
  description                  | ioc                                  | Process
  File created                 | C:\Windows\SysWOW64\7af9769627.dl    | rundll32.exe
  File opened for modification | C:\Windows\SysWOW64\7af9769627.dl    | rundll32.exe

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: RenamesItself (1 IoCs)
  pid  | Process
  1100 | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        | pid  | Process      | procid_target
  PID 4312 wrote to memory of 1100   | 4312 | rundll32.exe | 84
  PID 4312 wrote to memory of 1100   | 4312 | rundll32.exe | 84
  PID 4312 wrote to memory of 1100   | 4312 | rundll32.exe | 84
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd60f5171b2ed7bcc455e4c2ebdfa99b.dll,#1
  PID: 4312
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe (child of PID 4312)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cd60f5171b2ed7bcc455e4c2ebdfa99b.dll,#1
    PID: 1100
    - Drops file in System32 directory
    - Suspicious behavior: RenamesItself