Analysis
- max time kernel: 1798s
- max time network: 1800s
- platform: windows11-21h2_x64
- resource: win11-20240611-en
- resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 04/07/2024, 20:17
Static task: static1
Behavioral task: behavioral1
- Sample: RtlCpl.dll
- Resource: win10v2004-20240704-en
Behavioral task: behavioral2
- Sample: RtlCpl.dll
- Resource: win11-20240611-en
General
- Target: RtlCpl.dll
- Size: 62KB
- MD5: 1b3372374e84f7bce872244118afddb1
- SHA1: c413a6499504e9d6c76e7e1ebe4279197bd6ade2
- SHA256: 7bb588200e4aa1ec0ae19993f584ca2ed0207ec9be4d0e79efc357cc5660f1e5
- SHA512: d9145e59ff3d078f3be9e1799e6d8d12426adae123743df23efbc3b6553a6437f9c069b6ca50ac1fbeb9b4f5445116cc8633ad7bb5b23bd3090996c083c625dd
- SSDEEP: 1536:CuVu3jA7/dwd5KJ661NjaJ4LHOLQ9/jUkZ/:FVu3+dwWR1NXSLQf
Malware Config
Signatures
- Blocklisted process makes network request (64 IoCs)
  flow | pid | Process
  flows 1 to 48 and 50 to 67 (64 rows, all identical apart from the flow number) | 3120 | rundll32.exe
- Loads dropped DLL (1 IoC)
  pid 3120 | Process rundll32.exe
- Drops file in Windows directory (1 IoC)
  description: File created | ioc: C:\Windows\Tasks\RtlCpl.job | Process: regsvr32.exe
Processes
- C:\Windows\system32\regsvr32.exe
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\RtlCpl.dll
  - Drops file in Windows directory
  PID: 2068
- C:\Windows\system32\rundll32.exe
  command line: C:\Windows\system32\rundll32.exe "C:\ProgramData\RtlCpl\RtlCpl.dll",Start /p
  - Blocklisted process makes network request
  - Loads dropped DLL
  PID: 3120
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 62KB
- MD5: 1b3372374e84f7bce872244118afddb1
- SHA1: c413a6499504e9d6c76e7e1ebe4279197bd6ade2
- SHA256: 7bb588200e4aa1ec0ae19993f584ca2ed0207ec9be4d0e79efc357cc5660f1e5
- SHA512: d9145e59ff3d078f3be9e1799e6d8d12426adae123743df23efbc3b6553a6437f9c069b6ca50ac1fbeb9b4f5445116cc8633ad7bb5b23bd3090996c083c625dd