Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/04/2024, 03:02
Behavioral task: behavioral1
- Sample: 23a10b021b89ccbf789f906b003ac2b2b0c775dc6f07f6c902a2026604b61bf8.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 23a10b021b89ccbf789f906b003ac2b2b0c775dc6f07f6c902a2026604b61bf8.dll
- Resource: win10v2004-20240412-en
General
- Target: 23a10b021b89ccbf789f906b003ac2b2b0c775dc6f07f6c902a2026604b61bf8.dll
- Size: 899KB
- MD5: 98036583538dcfaa82a79f8a20027065
- SHA1: 8b7b6468889dfae8f43c8f4497963de4cb934cb1
- SHA256: 23a10b021b89ccbf789f906b003ac2b2b0c775dc6f07f6c902a2026604b61bf8
- SHA512: bb8277cf66cd69a4b39d5a181fff7003f0a7f6ce52ba8a11cf8468a87e6179486c43fc140efcbe69c725ae8c3421b2e55663c2f121c762ad0fa346f6808834c9
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX5:7wqd87V5
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  2500 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3960 wrote to memory of 2500 | 3960 | rundll32.exe | 85
  PID 3960 wrote to memory of 2500 | 3960 | rundll32.exe | 85
  PID 3960 wrote to memory of 2500 | 3960 | rundll32.exe | 85
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\23a10b021b89ccbf789f906b003ac2b2b0c775dc6f07f6c902a2026604b61bf8.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 3960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\23a10b021b89ccbf789f906b003ac2b2b0c775dc6f07f6c902a2026604b61bf8.dll,#12
  Suspicious behavior: RenamesItself
  PID: 2500