Analysis
- max time kernel: 1798s
- max time network: 1802s
- platform: windows10-2004_x64
- resource: win10v2004-20240704-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240704-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 04/07/2024, 20:17
Static task
static1
Behavioral task
behavioral1
Sample
RtlCpl.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral2
Sample
RtlCpl.dll
Resource
win11-20240611-en
General
- Target: RtlCpl.dll
- Size: 62KB
- MD5: 1b3372374e84f7bce872244118afddb1
- SHA1: c413a6499504e9d6c76e7e1ebe4279197bd6ade2
- SHA256: 7bb588200e4aa1ec0ae19993f584ca2ed0207ec9be4d0e79efc357cc5660f1e5
- SHA512: d9145e59ff3d078f3be9e1799e6d8d12426adae123743df23efbc3b6553a6437f9c069b6ca50ac1fbeb9b4f5445116cc8633ad7bb5b23bd3090996c083c625dd
- SSDEEP: 1536:CuVu3jA7/dwd5KJ661NjaJ4LHOLQ9/jUkZ/:FVu3+dwWR1NXSLQf
Malware Config
Signatures
- Blocklisted process makes network request (64 IoCs)
  pid 4032, Process rundll32.exe, across flows: 7, 9, 10, 11, 12, 13, 14, 15, 16, 20, 21, 22, 23, 24, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82
- Loads dropped DLL (1 IoC)
  pid 4032, Process rundll32.exe
- Drops file in Windows directory (1 IoC)
  description: File created; ioc: C:\Windows\Tasks\RtlCpl.job; Process: regsvr32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\RtlCpl.dll
  - Drops file in Windows directory
  PID: 1712
- C:\Windows\system32\rundll32.exe
  Command line: C:\Windows\system32\rundll32.exe "C:\ProgramData\RtlCpl\RtlCpl.dll",Start /p
  - Blocklisted process makes network request
  - Loads dropped DLL
  PID: 4032
Network
MITRE ATT&CK Matrix