Analysis
  max time kernel: 94s
  max time network: 95s
  platform: windows10-2004_x64
  resource: win10v2004-20240802-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 05/08/2024, 22:18
Static task: static1
Behavioral task: behavioral1
  Sample: 15a1ef0ccf33bbef385ee0e1b524e640N.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 15a1ef0ccf33bbef385ee0e1b524e640N.dll
  Resource: win10v2004-20240802-en
General
  Target: 15a1ef0ccf33bbef385ee0e1b524e640N.dll
  Size: 7KB
  MD5: 15a1ef0ccf33bbef385ee0e1b524e640
  SHA1: 1831432fd7a5e86c0a688d1fb140de8aa0be139a
  SHA256: 27b2cf09fded54e9437cdc86d0dc03c8dcf9a27db711d573850e375c2cbdc629
  SHA512: 16d31e5ede2bb85daedd27d12b31b75ce6a7da9c53295fb4dfb2770f129c0e65a7e8661dd074be3e6cc820bddaa49c50fd033ef9322c335f9582b40cc1fa5d0b
  SSDEEP: 48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPWYbABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPOq3qX5S2hV
Malware Config
Signatures
  System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
    description: Key opened
    ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
    Process: rundll32.exe

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                         pid   Process       procid_target
    PID 4736 wrote to memory of 1280    4736  rundll32.exe  83
    PID 4736 wrote to memory of 1280    4736  rundll32.exe  83
    PID 4736 wrote to memory of 1280    4736  rundll32.exe  83
Processes
  1. C:\Windows\system32\rundll32.exe
     Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a1ef0ccf33bbef385ee0e1b524e640N.dll,#1
     PID: 4736
     - Suspicious use of WriteProcessMemory
     2. C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a1ef0ccf33bbef385ee0e1b524e640N.dll,#1
        PID: 1280
        - System Location Discovery: System Language Discovery