Analysis
max time kernel: 91s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01/06/2024, 16:30
Static task: static1

Behavioral task: behavioral1
Sample: d0357c027d29f83417ee9c491bdcf226d316086b4d5e4230c80469dd299f4664.dll
Resource: win7-20240215-en

Behavioral task: behavioral2
Sample: d0357c027d29f83417ee9c491bdcf226d316086b4d5e4230c80469dd299f4664.dll
Resource: win10v2004-20240508-en
General
Target: d0357c027d29f83417ee9c491bdcf226d316086b4d5e4230c80469dd299f4664.dll
Size: 2.0MB
MD5: 6ce24b2acfaf2a000eeccea90f2bcfb1
SHA1: a14208e7cd05e5e2524b99ccf2387eeb0f6d74f7
SHA256: d0357c027d29f83417ee9c491bdcf226d316086b4d5e4230c80469dd299f4664
SHA512: 9ba8529abd22e2e277c2756261f1bc2971b6a6cf6612d86a0d538ca6990387631c3422a981ae862b8824f9d33ba3dcead8f59385ce3dd5a21f93a92aa15a1502
SSDEEP: 49152:4FIbdyf/vgyCEC3GgsqlVi9/6pNMEhJL1HvrE:QIbg/AmgsqlVi9/6pvE
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4484 wrote to memory of 3736 | 4484 | rundll32.exe | 82
PID 4484 wrote to memory of 3736 | 4484 | rundll32.exe | 82
PID 4484 wrote to memory of 3736 | 4484 | rundll32.exe | 82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0357c027d29f83417ee9c491bdcf226d316086b4d5e4230c80469dd299f4664.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID: 4484

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0357c027d29f83417ee9c491bdcf226d316086b4d5e4230c80469dd299f4664.dll,#12⤵
PID: 3736