Analysis
- max time kernel: 92s
- max time network: 119s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27/09/2024, 13:08
Static task: static1

Behavioral task: behavioral1
- Sample: RENAMEME.exe
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: RENAMEME.exe
- Resource: win10v2004-20240802-en

Behavioral task: behavioral3
- Sample: hallo.dll
- Resource: win7-20240903-en

Behavioral task: behavioral4
- Sample: hallo.dll
- Resource: win10v2004-20240802-en
General
- Target: hallo.dll
- Size: 32KB
- MD5: 7241a341453d3d8f9d99d79d38c0bc76
- SHA1: 2985b5e8e2e0370dcb6f51b35f1fe86a0a982494
- SHA256: d4b96a408e2c0f2a247fc3b7514d3ed25b3abe1ead721c7c56cbd77fed2c1e45
- SHA512: 745c6145229d586ec2a4d906ddba97c76dc65a3d7b746421a24c5820c57061fd4386ec1d7c9a46baed7d8c589681cfc6a12f12dac9eb94bd308fd5771bb23d3b
- SSDEEP: 384:nLrxfxydpyqmQ5he0CSRcCnmI/vi/P8VgzLaTM61BsM3qlM6YSWc2h8Bod4:/RADx/e0LRc+mIc5zOTaM3EnVCxd4
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1948 wrote to memory of 4040 | 1948 | rundll32.exe | 82
  PID 1948 wrote to memory of 4040 | 1948 | rundll32.exe | 82
  PID 1948 wrote to memory of 4040 | 1948 | rundll32.exe | 82
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\hallo.dll,#1
  PID: 1948
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child of PID 1948)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\hallo.dll,#1
    PID: 4040
    Signatures: System Location Discovery: System Language Discovery