Analysis
- max time kernel: 132s
- max time network: 102s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25/05/2024, 22:19
Static task
- static1

Behavioral task
- behavioral1
  Sample: 60f415a0689aecb60c0e0287bd36ad1e376a5a9a7a735c6ea1d25a0b868c0eb8.dll
  Resource: win7-20240221-en

Behavioral task
- behavioral2
  Sample: 60f415a0689aecb60c0e0287bd36ad1e376a5a9a7a735c6ea1d25a0b868c0eb8.dll
  Resource: win10v2004-20240508-en

General
- Target: 60f415a0689aecb60c0e0287bd36ad1e376a5a9a7a735c6ea1d25a0b868c0eb8.dll
- Size: 327KB
- MD5: f5327955ee28be0fc9b74504fafbbc1d
- SHA1: 181c3225157aa7d1580ac65a9dccb62f7e2f4da6
- SHA256: 60f415a0689aecb60c0e0287bd36ad1e376a5a9a7a735c6ea1d25a0b868c0eb8
- SHA512: 13255c18249de839cea36014546af6c16e79596073fe54f72a4ea9a8575c2fd754fb5ac8ca724d5793463977ac24a7ad0fc96d9240137eeef8fb86da2a5e6353
- SSDEEP: 6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 3188 wrote to memory of 3092 | 3188 | rundll32.exe | 83 |
| PID 3188 wrote to memory of 3092 | 3188 | rundll32.exe | 83 |
| PID 3188 wrote to memory of 3092 | 3188 | rundll32.exe | 83 |

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60f415a0689aecb60c0e0287bd36ad1e376a5a9a7a735c6ea1d25a0b868c0eb8.dll,#1
  PID: 3188
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\60f415a0689aecb60c0e0287bd36ad1e376a5a9a7a735c6ea1d25a0b868c0eb8.dll,#1
    PID: 3092