Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/04/2024, 14:02
Static task: static1
Behavioral task: behavioral1
- Sample: c3c25a4fae27a99fc0ea801f704e5a452ac7f0f9c70f540bd52030646c61ec1d.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: c3c25a4fae27a99fc0ea801f704e5a452ac7f0f9c70f540bd52030646c61ec1d.dll
- Resource: win10v2004-20240226-en
General
- Target: c3c25a4fae27a99fc0ea801f704e5a452ac7f0f9c70f540bd52030646c61ec1d.dll
- Size: 63KB
- MD5: 562a3b73e79d6913ed270abfb71bbe9a
- SHA1: 2d0643382aacd65fd09b130a778a62adedf2aa4c
- SHA256: c3c25a4fae27a99fc0ea801f704e5a452ac7f0f9c70f540bd52030646c61ec1d
- SHA512: ce1af9dfa58167b792654e0e7f78e93fb3dc9979df8b3b9297c6f6f8fbe552aa2a4471a75f5293e8473636d89cb57f642e32b2e26dfe3fdf85e63554e1548f55
- SSDEEP: 1536:5Evqw7eYW6DwFv0K/vA84r9p17FnToIfdE5s8s:5cqw7eYW6UFv0K8tTBfK5s
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 4288 wrote to memory of 2508 | 4288 | rundll32.exe | 86
PID 4288 wrote to memory of 2508 | 4288 | rundll32.exe | 86
PID 4288 wrote to memory of 2508 | 4288 | rundll32.exe | 86
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3c25a4fae27a99fc0ea801f704e5a452ac7f0f9c70f540bd52030646c61ec1d.dll,#1
  PID: 4288
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3c25a4fae27a99fc0ea801f704e5a452ac7f0f9c70f540bd52030646c61ec1d.dll,#1
    PID: 2508