Analysis
max time kernel: 139s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 17/05/2024, 13:33
Static task: static1

Behavioral task: behavioral1
Sample: 292a4c30a58174248b8919f87a98b79af596675d4da201dc4b0d3940322000d0.dll
Resource: win7-20240419-en

Behavioral task: behavioral2
Sample: 292a4c30a58174248b8919f87a98b79af596675d4da201dc4b0d3940322000d0.dll
Resource: win10v2004-20240508-en
General
Target: 292a4c30a58174248b8919f87a98b79af596675d4da201dc4b0d3940322000d0.dll
Size: 179KB
MD5: bddf902912c8bb05e4c4bfd86d4fc246
SHA1: e38f22c20d402b76e4b02b505ecbc6d5b567a81f
SHA256: 292a4c30a58174248b8919f87a98b79af596675d4da201dc4b0d3940322000d0
SHA512: 8debafa2b255600418dc122f1bbfb138536e26dc8e491f6c323da33f6fd621a1729e3baa25479850c2060112690a36f405cba0cb7013268fbcd04f83ab3b87aa
SSDEEP: 3072:nKmy4xsOzCn0h7G4yTUp9OimOKWaRTYUIMOmVF2lQBV+UdE+rECWp7hKaUd:Y4JQoxmOKR09MOaBV+UdvrEFp7hKNd
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 1504 wrote to memory of 320    1504   rundll32.exe   83
PID 1504 wrote to memory of 320    1504   rundll32.exe   83
PID 1504 wrote to memory of 320    1504   rundll32.exe   83
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\292a4c30a58174248b8919f87a98b79af596675d4da201dc4b0d3940322000d0.dll,#1
  PID: 1504
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\292a4c30a58174248b8919f87a98b79af596675d4da201dc4b0d3940322000d0.dll,#1
    PID: 320