Analysis
max time kernel: 133s
max time network: 108s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06/06/2024, 01:14
Static task: static1

Behavioral task: behavioral1
Sample: 79ad4ce0177961efcd8ac97baacd2d0de00fff3c7c1f05040e41ca66a2505bd0.dll
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 79ad4ce0177961efcd8ac97baacd2d0de00fff3c7c1f05040e41ca66a2505bd0.dll
Resource: win10v2004-20240508-en
General
Target: 79ad4ce0177961efcd8ac97baacd2d0de00fff3c7c1f05040e41ca66a2505bd0.dll
Size: 111KB
MD5: 18f4d4dbb5e7016bba73d3abc0d57fa8
SHA1: 26d1a0fb6c6be9fd59816df803d576d773a16c56
SHA256: 79ad4ce0177961efcd8ac97baacd2d0de00fff3c7c1f05040e41ca66a2505bd0
SHA512: c2e0451dfdff5abe13fb27ea4ffc185b6f99be3b5d8a5dc4c5eac5e36f85ddd5c1df335274665c6561517bc142b591cd047c897607719f252004893ef591d27f
SSDEEP: 3072:xnL7Ot6WLta8ptY9+GRkor1/z6Sbe+jmsPANo:RAtawtYBzr1WthyANo
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2312 wrote to memory of 312 | 2312 | rundll32.exe | 83
PID 2312 wrote to memory of 312 | 2312 | rundll32.exe | 83
PID 2312 wrote to memory of 312 | 2312 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\79ad4ce0177961efcd8ac97baacd2d0de00fff3c7c1f05040e41ca66a2505bd0.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2312
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\79ad4ce0177961efcd8ac97baacd2d0de00fff3c7c1f05040e41ca66a2505bd0.dll,#1
    PID: 312