Analysis
- max time kernel: 137s
- max time network: 138s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/03/2024, 18:21
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: d432996c9ef7acd7656379680780e9b5.dll
- Resource: win7-20240221-en
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: d432996c9ef7acd7656379680780e9b5.dll
- Resource: win10v2004-20240226-en
- 2 signatures
- 150 seconds
General
- Target: d432996c9ef7acd7656379680780e9b5.dll
- Size: 252KB
- MD5: d432996c9ef7acd7656379680780e9b5
- SHA1: ac1bbd764f01fb170cbdb925a98937bf9a3b5b14
- SHA256: 1b8399400127b42f3af84832ec8773e81ff7011a45d7ec925d8c16406b492156
- SHA512: 5d6c7ad628b70e6e43f398ceb8447c411e4fffb74cd0fb65e7265e17d0334fa842bc732bdc58622ce1b335ec260da2871eac21ccdb134bf3caa87376983e0477
- SSDEEP: 6144:t+TXq8bs9QpeHLI4ilPnvzq78NAgfkH43m5DfwakGQO7j2ySeJ/Cvdpm:t+TXqmoQAI4ilPnvzq78KUL2T4gJknm
Score
8/10
Malware Config
Signatures
- Blocklisted process makes network request (2 IoCs)
  flow  pid  Process
  13    116  rundll32.exe
  43    116  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid   Process       procid_target
  PID 2820 wrote to memory of 116  2820  rundll32.exe  88
  PID 2820 wrote to memory of 116  2820  rundll32.exe  88
  PID 2820 wrote to memory of 116  2820  rundll32.exe  88
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d432996c9ef7acd7656379680780e9b5.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2820
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d432996c9ef7acd7656379680780e9b5.dll,#1
    Blocklisted process makes network request
    PID: 116