Analysis
  max time kernel:  153s
  max time network: 166s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240412-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        17/04/2024, 13:44
Behavioral task: behavioral1
  Sample:   d9ad07af6ed10b4ac1d4dda1c67f56c1424a8be7aa7009978eada12ee2f8e4db.dll
  Resource: win7-20240319-en

Behavioral task: behavioral2
  Sample:   d9ad07af6ed10b4ac1d4dda1c67f56c1424a8be7aa7009978eada12ee2f8e4db.dll
  Resource: win10v2004-20240412-en
General
  Target: d9ad07af6ed10b4ac1d4dda1c67f56c1424a8be7aa7009978eada12ee2f8e4db.dll
  Size:   899KB
  MD5:    1683c198386132c4749e28a0d2adc4b7
  SHA1:   899b43c1b9605879d2e835efa1e46ffdadbf61b3
  SHA256: d9ad07af6ed10b4ac1d4dda1c67f56c1424a8be7aa7009978eada12ee2f8e4db
  SHA512: 49dc495753b724830c29a825037aac93609c190644332e433808f95f3eb7f5188d228c9df3fde980ed48ffafb7ecbfb08f4823dfac9c42f53a6248235bf32fe6
  SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXP:7wqd87VP
Malware Config

Signatures

Suspicious behavior: RenamesItself (1 IoC)
  pid   Process
  4492  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 3048 wrote to memory of 4492  3048  rundll32.exe  83
  PID 3048 wrote to memory of 4492  3048  rundll32.exe  83
  PID 3048 wrote to memory of 4492  3048  rundll32.exe  83
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9ad07af6ed10b4ac1d4dda1c67f56c1424a8be7aa7009978eada12ee2f8e4db.dll,#1
   PID: 3048
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (spawned by PID 3048)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9ad07af6ed10b4ac1d4dda1c67f56c1424a8be7aa7009978eada12ee2f8e4db.dll,#1
      PID: 4492
      - Suspicious behavior: RenamesItself