Analysis
max time kernel: 134s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/04/2024, 19:22
Static task: static1
Behavioral task: behavioral1
  Sample: 2042b7b8f9272a4cf7a8a90f9b41fd5b9168f40d98aae52c1bdbaa7b67f2bec1.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 2042b7b8f9272a4cf7a8a90f9b41fd5b9168f40d98aae52c1bdbaa7b67f2bec1.dll
  Resource: win10v2004-20240412-en
General
Target: 2042b7b8f9272a4cf7a8a90f9b41fd5b9168f40d98aae52c1bdbaa7b67f2bec1.dll
Size: 5KB
MD5: aab7259c1dd00c86195a413e0bdb5a02
SHA1: e7849fbfae762e5c16bbd44dfd9adcad430a0928
SHA256: 2042b7b8f9272a4cf7a8a90f9b41fd5b9168f40d98aae52c1bdbaa7b67f2bec1
SHA512: ceb8031c83f3a68f8a988e0b1cd21d249b5cb996121788cbf35172dc77609102bf0da3111f47413269eb010396e9f484c6f385dd294f362954dbf64fddeca2d6
SSDEEP: 96:hy859x0P8MaxR53znld6D3bLoJ4xDllbQ:F5oLqnldELu4xH0
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4316 wrote to memory of 1616 | 4316 | rundll32.exe | 86
PID 4316 wrote to memory of 1616 | 4316 | rundll32.exe | 86
PID 4316 wrote to memory of 1616 | 4316 | rundll32.exe | 86
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2042b7b8f9272a4cf7a8a90f9b41fd5b9168f40d98aae52c1bdbaa7b67f2bec1.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 4316
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2042b7b8f9272a4cf7a8a90f9b41fd5b9168f40d98aae52c1bdbaa7b67f2bec1.dll,#1
    PID: 1616