Analysis
- max time kernel: 93s
- max time network: 96s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28/06/2024, 13:25
Behavioral task: behavioral1
- Sample: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Resource: win10v2004-20240508-en
General
- Target: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Size: 13.2MB
- MD5: f4c06995470f34390e9090a2c7a3fc95
- SHA1: a0fe4f9551ebdaa5e7e983e583eefd4a2d0cef92
- SHA256: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251
- SHA512: 7484fb4154cf5eb6715bbe43f020508662d1c244dc02ad662f2f15a8e4fe7f76c5a07b84a7d4de9d43e800ab23c9b5cb6de9d14f57a3365679ebb5603ca5ecce
- SSDEEP: 196608:1b2mHsvktiRxL2FSmXfsCkLZopUrt3iyOAaCxq7sNvD1IaeOZiG6BrKl9i:l2mvgL2zEaa1iyOAlvSxOEGmr
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 4996 wrote to memory of 684 | 4996 | rundll32.exe | 81
  PID 4996 wrote to memory of 684 | 4996 | rundll32.exe | 81
  PID 4996 wrote to memory of 684 | 4996 | rundll32.exe | 81
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 4996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll,#12⤵
  PID: 684