Analysis
max time kernel: 148s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19/03/2024, 19:12
Behavioral task: behavioral1
Sample: 0f69847dcd5a72d8da5e20c03c6bf6999e88772da0b914d115d36dac4ef1cf16.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 0f69847dcd5a72d8da5e20c03c6bf6999e88772da0b914d115d36dac4ef1cf16.dll
Resource: win10v2004-20240226-en
General
Target: 0f69847dcd5a72d8da5e20c03c6bf6999e88772da0b914d115d36dac4ef1cf16.dll
Size: 899KB
MD5: 3390ccf33d9866d94952dc029b32db54
SHA1: 1c998c76e095af24c8ed042e0ed8b06ab9e78d6a
SHA256: 0f69847dcd5a72d8da5e20c03c6bf6999e88772da0b914d115d36dac4ef1cf16
SHA512: 28332414d0b6e07ff8e96430a4141784c1932d9bf271383619888951b931335b97bb191973eaed631deade115588ae15a5fd393eea8f38446572b1c45d0e9f29
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXi:7wqd87Vi
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  3816 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2272 wrote to memory of 3816 | 2272 | rundll32.exe | 87
  PID 2272 wrote to memory of 3816 | 2272 | rundll32.exe | 87
  PID 2272 wrote to memory of 3816 | 2272 | rundll32.exe | 87
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f69847dcd5a72d8da5e20c03c6bf6999e88772da0b914d115d36dac4ef1cf16.dll,#1
  PID: 2272
  Signature: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f69847dcd5a72d8da5e20c03c6bf6999e88772da0b914d115d36dac4ef1cf16.dll,#1
    PID: 3816
    Signature: Suspicious behavior: RenamesItself