Analysis
- max time kernel: 147s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/04/2024, 00:10
Static task: static1
Behavioral task: behavioral1
- Sample: b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd.dll
- Resource: win10v2004-20240226-en
General
- Target: b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd.dll
- Size: 7KB
- MD5: 7ab267c78117dfe2e1f16ff26b865f8e
- SHA1: 9c1588cab88fffc28c3da8d91914aedc350aedac
- SHA256: b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd
- SHA512: 43159d5ca7f658d641856b048a9d450619ab27a69af085c38ec814c997ddc0613b3653a5b3d93a4142eb61a587963ae20e2a88862ee4cf620224deedb8b2ffe9
- SSDEEP: 48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWybABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPAq3qX5S2hV
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 212 wrote to memory of 244 | 212 | rundll32.exe | 85
  PID 212 wrote to memory of 244 | 212 | rundll32.exe | 85
  PID 212 wrote to memory of 244 | 212 | rundll32.exe | 85
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 212
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2ca50925c34b2f9ae43335897587c55c2580ffb7a85c1ed8d7bbbc482d39ddd.dll,#1
    PID: 244