Analysis
- max time kernel: 4s
- max time network: 12s
- platform: windows7_x64
- resource: win7v200722
- submitted: 07/10/2020, 06:08
Static task: static1
Behavioral task: behavioral1
- Sample: dmocx.dll
- Resource: win7v200722
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: dmocx.dll
- Resource: win10v200722
- 0 signatures
- 0 seconds
General
- Target: dmocx.dll
- Size: 788KB
- MD5: 4c36c3533a283e1aa199f80e20d264b9
- SHA1: f73e31d11f462f522a883c8f8f06d44f8d3e2f01
- SHA256: aee131ba1bfc4b6fa1961a7336e43d667086ebd2c7ff81029e14b2bf47d9f3a7
- SHA512: b2bae09cf2cce6c51b927aec9d9e3d66105337fbc81460350c5b2d255414f14e41c698f8ab4f06d2b98da684d854008bab78bf7a54cdf988969736ebb1272e50
Score
10/10
Malware Config
Signatures
- Egregor Ransomware: Variant of the Sekhmet ransomware first seen in September 2020.
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid    Process        procid_target
  PID 1280 wrote to memory of 1656   1280   rundll32.exe   24
  PID 1280 wrote to memory of 1656   1280   rundll32.exe   24
  PID 1280 wrote to memory of 1656   1280   rundll32.exe   24
  PID 1280 wrote to memory of 1656   1280   rundll32.exe   24
  PID 1280 wrote to memory of 1656   1280   rundll32.exe   24
  PID 1280 wrote to memory of 1656   1280   rundll32.exe   24
  PID 1280 wrote to memory of 1656   1280   rundll32.exe   24