Analysis
- max time kernel: 135s
- max time network: 135s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/05/2024, 12:18
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: MSWebp.dll
- Resource: win10v2004-20240508-en
- 1 signatures
- 150 seconds
General
- Target: MSWebp.dll
- Size: 27KB
- MD5: b34ef82a6f065b9d343261b97c0d1f6b
- SHA1: 6068125a7e618c317eefb9abb782b32b3acd9389
- SHA256: d47415a61a7ecb7cc5979713aa9c8741d487c6de13715a3348e477de0072e401
- SHA512: 0f8ee20f3fb2f2f66bc3c59623d86ece6bef51a682dc38c64288aa479f3ba779cfe1bc3af52ccb9165f9b21f26b7827c45ca520a1f96aa0baa45c154a0f092ae
- SSDEEP: 384:vvF11ey+r5vSM0e+XXw4lvdMRrpZA9e+4RZrsbO+ghhKWgLjgpFE83LWpHWUNUr:v/Or5KM0eaXjl4AGHi6MZ83Knmr
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)

  description | pid | Process | procid_target
  PID 4280 wrote to memory of 2012 | 4280 | rundll32.exe | 90
  PID 4280 wrote to memory of 2012 | 4280 | rundll32.exe | 90
  PID 4280 wrote to memory of 2012 | 4280 | rundll32.exe | 90
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MSWebp.dll,#1
  PID: 4280
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\MSWebp.dll,#1
    PID: 2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4376,i,15142778360084620907,1763097090506261076,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
  PID: 4492