Analysis
max time kernel
146s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted
20/04/2024, 15:25
Behavioral task
behavioral1
Sample
17bc9e70439db95e2c466d6db9388798aa2195af8a10b59080da8687922bef5e.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
17bc9e70439db95e2c466d6db9388798aa2195af8a10b59080da8687922bef5e.dll
Resource
win10v2004-20240412-en
General
Target
17bc9e70439db95e2c466d6db9388798aa2195af8a10b59080da8687922bef5e.dll
Size
51KB
MD5
39b204c09a35ea509a9bf09e3ecc2053
SHA1
b8254c3bd672bba5bccb0d0403dedd60584d062a
SHA256
17bc9e70439db95e2c466d6db9388798aa2195af8a10b59080da8687922bef5e
SHA512
24fba00e82e2cf70baa52a516f8b646f555ba4f83ebd9c25dea44c57126469f04dd29b6bdc73bb017935cefbe824158a0bcd781429833733423d7b926e3f3dca
SSDEEP
1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLdJYH5:1dWubF3n9S91BF3fboJJYH5
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoCs)
pid | Process
1448 | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4448 wrote to memory of 1448 | 4448 | rundll32.exe | 85
PID 4448 wrote to memory of 1448 | 4448 | rundll32.exe | 85
PID 4448 wrote to memory of 1448 | 4448 | rundll32.exe | 85
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17bc9e70439db95e2c466d6db9388798aa2195af8a10b59080da8687922bef5e.dll,#1
- Suspicious use of WriteProcessMemory
PID:4448
    C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\17bc9e70439db95e2c466d6db9388798aa2195af8a10b59080da8687922bef5e.dll,#1
    - Suspicious behavior: RenamesItself
    PID:1448