Analysis
- max time kernel: 98s
- max time network: 98s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 13/08/2024, 23:44
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: bf6fc13b00eb7dca5b5d4f9f1c6e5180N.dll
- Resource: win10v2004-20240802-en
- 2 signatures
- 120 seconds
General
- Target: bf6fc13b00eb7dca5b5d4f9f1c6e5180N.dll
- Size: 157KB
- MD5: bf6fc13b00eb7dca5b5d4f9f1c6e5180
- SHA1: c5b97807eda50bcc5640a79e3d8ac4e203dd08b7
- SHA256: 9286e3cdcaaaa8390fb8be8e84f8105726b88c9252d0bc43db5763c4e15792bf
- SHA512: bc140dcd4e2e5e564c50d86e3c2d7bbe2814ff9dcbc997c870f3d735075beb56952c73e83389b931dcfd9c59b24372a4a64f910ba4e9d724d876a0bac50d8b4b
- SSDEEP: 3072:YV5eBEZxTRbSACPLGDkYCmohRihpiB/6IUXBJ+och/9:Y0EZTwqyihpiy+f9
Score
3/10
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3356 wrote to memory of 2448 | 3356 | rundll32.exe | 84
  PID 3356 wrote to memory of 2448 | 3356 | rundll32.exe | 84
  PID 3356 wrote to memory of 2448 | 3356 | rundll32.exe | 84
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf6fc13b00eb7dca5b5d4f9f1c6e5180N.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 3356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf6fc13b00eb7dca5b5d4f9f1c6e5180N.dll,#12
  - System Location Discovery: System Language Discovery
  PID: 2448