Analysis
- max time kernel: 134s
- max time network: 118s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18/04/2024, 20:18
Behavioral tasks
- behavioral1: sample d23f5d5284d9477796353a9671d49ea38793cc59621adf44785b66d68214600f.dll, resource win7-20240220-en
- behavioral2: sample d23f5d5284d9477796353a9671d49ea38793cc59621adf44785b66d68214600f.dll, resource win10v2004-20240412-en
General
- Target: d23f5d5284d9477796353a9671d49ea38793cc59621adf44785b66d68214600f.dll
- Size: 899KB
- MD5: 9810915c1c964d5de16b553e7e719efd
- SHA1: 5e5bfb57bae0ea0456a7460e14b37b12db9ffe4a
- SHA256: d23f5d5284d9477796353a9671d49ea38793cc59621adf44785b66d68214600f
- SHA512: da16489e82030b4a635d2fd385f2bc60ac6774b3f05a58a4a0eecf5887a4d6471a56005e6ea51514fb5c7d27d5ef5ede4374b621878d7cf5e1f247494fa16f02
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX0:7wqd87V0
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoC)
  pid | process
  1428 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | process | procid_target
  PID 1944 wrote to memory of 1428 | 1944 | rundll32.exe | 87
  (the same entry is recorded three times)
Processes
- C:\Windows\system32\rundll32.exe (PID 1944)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d23f5d5284d9477796353a9671d49ea38793cc59621adf44785b66d68214600f.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1428, child of 1944)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d23f5d5284d9477796353a9671d49ea38793cc59621adf44785b66d68214600f.dll,#1
    - Suspicious behavior: RenamesItself

The sample is invoked through its export ordinal 1 (the `,#1` argument). The 64-bit rundll32 in System32 hands the identical DLL path and ordinal to its 32-bit counterpart in SysWOW64, which is the standard behaviour when a 32-bit DLL is passed to the 64-bit host, so the second process is the one that actually loads the DLL, and it is there that the RenamesItself signature fires. The WriteProcessMemory IoCs are the parent (1944) writing into that freshly created child (1428); a parent writing into a child it has just spawned is also seen for benign launches, so on its own it is a weak signal next to the DLL being loaded from the user's Temp directory by ordinal.
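The three indicators in this report (rundll32 loading a DLL from a user-writable directory by ordinal, a System32 rundll32 relaunching a SysWOW64 rundll32 for the same DLL, and a parent writing into its own child) can be checked mechanically over process-creation events. The script below is an added example, not tria.ge's code: the event records are constructed to mirror the Processes and Signatures sections above, the `(pid, ppid, image, cmdline)` field layout is an assumed shape rather than a Triage export format, and the parent PID 900 and the benign shell32.dll baseline process are invented for the comparison.

```python
"""Triage a rundll32 process tree plus WriteProcessMemory IoCs.

Added example, not tria.ge's code. Events are constructed to mirror the
report above; the event field layout is assumed, not a Triage export format.
"""
import re
from dataclasses import dataclass

# Matches "rundll32[.exe] <dll>,<export>"; the export may be a name or an
# ordinal written as #N, and a quoted DLL path is tolerated.
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#?\w+)', re.I)

# Directories an unprivileged user can write to. A DLL loaded from one of
# these by rundll32 is far more interesting than one loaded from System32.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


# DLL path and command line exactly as they appear in the report.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\d23f5d5284d9477796353a9671d49ea38793cc59621adf44785b66d68214600f.dll")
SAMPLE_CMD = f"rundll32.exe {SAMPLE_DLL},#1"

# Constructed events: the two rundll32 processes from the report (ppid 900 is
# an assumed sandbox launcher) plus one benign rundll32 baseline for contrast.
EVENTS = [
    ProcEvent(1944, 900, r"C:\Windows\system32\rundll32.exe", SAMPLE_CMD),
    ProcEvent(1428, 1944, r"C:\Windows\SysWOW64\rundll32.exe", SAMPLE_CMD),
    ProcEvent(2200, 900, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
]

# Constructed (writer_pid, target_pid) pairs; the report logs 1944 -> 1428 three times.
WPM_RECORDS = [(1944, 1428), (1944, 1428), (1944, 1428)]


def is_rundll32(image: str) -> bool:
    return image.lower().endswith("\\rundll32.exe")


def parse_rundll32(cmdline: str):
    """Return (dll_path, export) from a rundll32 command line, or None."""
    m = RUNDLL_RE.search(cmdline)
    return (m.group("dll"), m.group("export")) if m else None


def loads_temp_dll_by_ordinal(ev: ProcEvent) -> bool:
    """rundll32 loading a DLL from a user-writable directory by ordinal (#N)."""
    if not is_rundll32(ev.image):
        return False
    parsed = parse_rundll32(ev.cmdline)
    if parsed is None:
        return False
    dll, export = parsed
    dll_l = dll.lower()
    return export.startswith("#") and any(p in dll_l for p in USER_WRITABLE)


def find_wow64_relaunch(events):
    """(parent, child) pairs where a System32 rundll32 spawned a SysWOW64
    rundll32 for the same DLL: the 64-bit host handing a 32-bit DLL to its
    32-bit counterpart. This happens for any 32-bit DLL, so it is context,
    not evidence of malice by itself."""
    by_pid = {e.pid: e for e in events}
    pairs = []
    for child in events:
        parent = by_pid.get(child.ppid)
        if parent is None or not (is_rundll32(parent.image) and is_rundll32(child.image)):
            continue
        if "\\system32\\" in parent.image.lower() and "\\syswow64\\" in child.image.lower():
            pp, cp = parse_rundll32(parent.cmdline), parse_rundll32(child.cmdline)
            if pp and cp and pp[0].lower() == cp[0].lower():
                pairs.append((parent.pid, child.pid))
    return pairs


def analyze(events, wpm_records):
    """Collect the three indicators into one findings dict keyed by name."""
    by_pid = {e.pid: e for e in events}
    return {
        "temp_dll_by_ordinal": [e.pid for e in events if loads_temp_dll_by_ordinal(e)],
        "wow64_relaunch": find_wow64_relaunch(events),
        # Parent writing into a child it created; deduplicated because the
        # sandbox records the same write several times.
        "parent_writes_child": sorted({(w, t) for w, t in wpm_records
                                       if t in by_pid and by_pid[t].ppid == w}),
    }


if __name__ == "__main__":
    for name, hits in analyze(EVENTS, WPM_RECORDS).items():
        print(f"{name}: {hits}")
```

Run against the constructed events, both rundll32 instances from the report are flagged for loading a Temp-directory DLL by ordinal, the 1944 to 1428 pair is reported as the 64-bit to 32-bit hand-off, and the three WriteProcessMemory records collapse to that single parent-to-child write; the shell32.dll baseline trips none of the checks.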