Analysis
max time kernel: 115s
max time network: 120s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/09/2024, 22:24
Static task: static1
Behavioral task: behavioral1
  Sample: 699aeabadaa2619cde0545b88d11ec91b5b2325d967ea14aa8a228c64dd515d1N.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 699aeabadaa2619cde0545b88d11ec91b5b2325d967ea14aa8a228c64dd515d1N.dll
  Resource: win10v2004-20240802-en
General
Target: 699aeabadaa2619cde0545b88d11ec91b5b2325d967ea14aa8a228c64dd515d1N.dll
Size: 6KB
MD5: 1b149128c2d8861e02e3d47b6e68f520
SHA1: 183618d1b3b412237c50b059fc47a23e6f60b9c9
SHA256: 699aeabadaa2619cde0545b88d11ec91b5b2325d967ea14aa8a228c64dd515d1
SHA512: 18895def7b2c215f46ec9f266669ba280398478bb9e72021f543600656c6abacb22e563d1070b67a1c1b9b50f5d93f69ee8be90579c2a9a9f1ddb7e62d299635
SSDEEP: 48:6AA35YVOQDV8FszwydlAYsLFV3G02B+BDq9J5S2:0QDV8FscMjsLFV3+B+FqX5S2
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of the victim host in order to infer its geographical location.
  Description | IoC | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  Description | PID | Process | procid_target
  PID 3476 wrote to memory of 1312 | 3476 | rundll32.exe | 89
  PID 3476 wrote to memory of 1312 | 3476 | rundll32.exe | 89
  PID 3476 wrote to memory of 1312 | 3476 | rundll32.exe | 89
Processes
C:\Windows\system32\rundll32.exe (PID 3476, depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\699aeabadaa2619cde0545b88d11ec91b5b2325d967ea14aa8a228c64dd515d1N.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe (PID 1312, depth 2, child of PID 3476)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\699aeabadaa2619cde0545b88d11ec91b5b2325d967ea14aa8a228c64dd515d1N.dll,#1
    Signature: System Location Discovery: System Language Discovery
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4940, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4104,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=4056 /prefetch:8

Reading the tree: the ",#1" argument tells rundll32.exe to call the DLL's export at ordinal 1. The usual reason a 64-bit system32\rundll32.exe spawns a SysWOW64\rundll32.exe with identical arguments is that the DLL is 32-bit and the 64-bit host cannot load it, so it hands off to the 32-bit host; the WriteProcessMemory IoC (3476 writing into 1312) is that parent writing into its own freshly created child, which is what process setup looks like in a trace, not a write into an unrelated process. The NLS\Language registry read then occurs in the 32-bit child (PID 1312), where the DLL actually runs. msedge.exe is a separate root in the tree (depth 1), not a child of either rundll32.exe, and its command line is a Chromium utility-process invocation.
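The two signatures and the process tree above are only useful together: a WriteProcessMemory event is routine when the target is the writer's own child and suspicious when it is not. The following is an added example (not tria.ge's code and not part of the sample) that rebuilds the parent/child relationships from the depth markers tria.ge prints, labels each write event accordingly, and flags the system32 to SysWOW64 rundll32.exe handoff. The process and write records are transcribed from this report; the `PROCESSES`, `WRITES`, `build_tree`, `classify_writes`, `wow64_handoffs` and `summarize` names are this example's own.

```python
"""Added example, not tria.ge's or the sample's code: correlate this
report's process tree with its WriteProcessMemory IoCs.

A write into a direct child is what process creation looks like in a
sandbox trace; a write into a process the tree does not relate to the
writer is the pattern worth treating as injection.
"""

# (depth, pid, image) transcribed from the report's Processes section.
# tria.ge renders depth as the trailing "N" marker on each command line;
# depth 1 entries are roots.
PROCESSES = [
    (1, 3476, r"C:\Windows\system32\rundll32.exe"),
    (2, 1312, r"C:\Windows\SysWOW64\rundll32.exe"),
    (1, 4940, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
]

# (writer_pid, target_pid) from the "Suspicious use of WriteProcessMemory"
# signature; the report lists the same event three times.
WRITES = [(3476, 1312), (3476, 1312), (3476, 1312)]


def build_tree(processes):
    """Map each pid to its parent pid (None for a root).

    A process at depth d is the child of the most recently listed
    process at depth d-1, which is how the indented tree is printed."""
    parent_of = {}
    last_at_depth = {}
    for depth, pid, _image in processes:
        parent_of[pid] = last_at_depth.get(depth - 1)
        last_at_depth[depth] = pid
        # Drop deeper entries so a later sibling does not inherit an
        # earlier sibling's subtree as ancestors.
        for d in [d for d in last_at_depth if d > depth]:
            del last_at_depth[d]
    return parent_of


def classify_writes(parent_of, writes):
    """Label each distinct (writer, target) pair as 'parent-to-child'
    or 'cross-process'. Duplicated rows collapse to one label."""
    labels = {}
    for writer, target in writes:
        if parent_of.get(target) == writer:
            labels[(writer, target)] = "parent-to-child"
        else:
            labels[(writer, target)] = "cross-process"
    return labels


def wow64_handoffs(processes, parent_of):
    """Return (parent_pid, child_pid) pairs where a system32 (64-bit)
    rundll32.exe spawned a SysWOW64 (32-bit) rundll32.exe.

    On 64-bit Windows this is how a 32-bit DLL handed to rundll32 gets
    run: the 64-bit host cannot load it and re-launches the 32-bit host
    with the same arguments."""
    image_of = {pid: image.lower() for _depth, pid, image in processes}
    pairs = []
    for pid, parent in parent_of.items():
        if parent is None:
            continue
        child_img, parent_img = image_of[pid], image_of[parent]
        if (child_img.endswith(r"\syswow64\rundll32.exe")
                and parent_img.endswith(r"\system32\rundll32.exe")):
            pairs.append((parent, pid))
    return pairs


def summarize(processes=PROCESSES, writes=WRITES):
    """Run the three checks over a report's records and return the
    results as a dict so they can be asserted on or printed."""
    tree = build_tree(processes)
    labels = classify_writes(tree, writes)
    return {
        "tree": tree,
        "write_labels": labels,
        "cross_process_writes": sum(1 for v in labels.values() if v == "cross-process"),
        "wow64_handoffs": wow64_handoffs(processes, tree),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

For this report the single distinct write (3476 into 1312) lands on the writer's own child and the tree shows exactly one system32 to SysWOW64 handoff, so nothing here points at injection into a foreign process; a write from 3476 into PID 4940 (msedge.exe), which the tree does not relate to rundll32.exe at all, would be labelled cross-process and is the case that deserves a closer look.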