Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 95s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/09/2024, 11:57
Static task: static1
Behavioral task: behavioral1
  Sample: ssleay32.dll
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: ssleay32.dll
  Resource: win10v2004-20240802-en
General
Target: ssleay32.dll
Size: 265KB
MD5: 65e4edff979798b859f1f315c006f10d
SHA1: a0767f44199172fbf50e03c779e94b4d7295ed5c
SHA256: 4061585016b61fb36463d17f2f8c24be4280e5193387fd5e048dee0dcea8067b
SHA512: 41b3471117bb3edb58868d8bf9a31ae3ff6af60cf09bd43e83c0f5a78a0c9cf7f21efec82229c50669bb083bfa457aeaeb3ba518a07dfd47efcc4391ca2dae63
SSDEEP: 6144:nhRhuhiyN5A8A6N+bKH/iYhUpeBetnLBDYFq4IrnX7Y5FJ/Uf1IW5WHDwx7DSAf3:nhR0iyNe8A6N+mH/iYqUBetnLB0Fq4IP
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   Process       procid_target
  PID 1104 wrote to memory of 3656  1104  rundll32.exe  82
  PID 1104 wrote to memory of 3656  1104  rundll32.exe  82
  PID 1104 wrote to memory of 3656  1104  rundll32.exe  82
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ssleay32.dll,#1
   PID: 1104
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ssleay32.dll,#1
      PID: 3656
      Signatures: System Location Discovery: System Language Discovery