Analysis
- max time kernel: 152s
- max time network: 197s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17/04/2024, 19:25
Static task: static1
Behavioral task: behavioral1
- Sample: 21776ac2dc3af2d86e260a0d4b63c897bb3547e6edc5c58cda31c33c288f58cb.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 21776ac2dc3af2d86e260a0d4b63c897bb3547e6edc5c58cda31c33c288f58cb.dll
- Resource: win10v2004-20240412-en
General
- Target: 21776ac2dc3af2d86e260a0d4b63c897bb3547e6edc5c58cda31c33c288f58cb.dll
- Size: 9KB
- MD5: e009578391e99d9f4add900323f03483
- SHA1: c598977a6bb39a10dd583809f91793fb263c8ec9
- SHA256: 21776ac2dc3af2d86e260a0d4b63c897bb3547e6edc5c58cda31c33c288f58cb
- SHA512: 3f57c99b44f45080734e4c9d1aee86f716833c3372f2e65ba71210b7464fb62455b5fa2c887b93e1d7fe95ffb3a7194aec1d1813c1a9734d0a2119d3623ab7a2
- SSDEEP: 192:Enekfu3hME1hMEuCv/ENbSrbFzCcyssPPP7eDPHnx7I74:EneCMhME1hMEuCv/ENbSF9yDzebHx7q4
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | process | procid_target
  PID 5000 wrote to memory of 1676 | 5000 | rundll32.exe | 91
  PID 5000 wrote to memory of 1676 | 5000 | rundll32.exe | 91
  PID 5000 wrote to memory of 1676 | 5000 | rundll32.exe | 91
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21776ac2dc3af2d86e260a0d4b63c897bb3547e6edc5c58cda31c33c288f58cb.dll,#1
  PID: 5000
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\21776ac2dc3af2d86e260a0d4b63c897bb3547e6edc5c58cda31c33c288f58cb.dll,#1
    PID: 1676