Analysis
  max time kernel:   150s
  max time network:  171s
  platform:          windows7_x64
  resource:          win7-en-20211208
  submitted:         01/02/2022, 10:59
Static task
  static1

Behavioral task
  behavioral1
  Sample:    080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a.dll
  Resource:  win7-en-20211208

Behavioral task
  behavioral2
  Sample:    080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a.dll
  Resource:  win10v2004-en-20220113
General
  Target:  080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a.dll
  Size:    225KB
  MD5:     c0a3c069a94b35620fc210e4b68b4f01
  SHA1:    e8b3ec66c28dedaa18b968bcd267a2c912a92e87
  SHA256:  080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a
  SHA512:  5bd77b40aaf46cb96c94562585b5bb0fb86e9a80d842c8e36e3c032c0d7c55cecf3aca9168df49bcc43039ccebc12a81af6dd1748962a0ae42d10c28bd6448f6
Malware Config
  Extracted
    zloader
    main
    2020-06-15
    https://matarlod.org/web/data
    https://datearoc.org/web/data
    https://rechnecy.org/web/data
    https://ramissal.org/web/data
    https://raidesci.org/web/data
    https://glartrot.org/web/data
    https://revenapo.org/web/data
    https://brenonip.org/web/data
    build_id: 7
Signatures

  Suspicious use of SetThreadContext (1 IoCs)
    description                           pid   Process       procid_target
    PID 752 set thread context of 1752    752   rundll32.exe  28

  Suspicious use of AdjustPrivilegeToken (2 IoCs)
    description                   pid    Process
    Token: SeSecurityPrivilege    1752   msiexec.exe
    Token: SeSecurityPrivilege    1752   msiexec.exe

  Suspicious use of WriteProcessMemory (16 IoCs)
    description                        pid   Process       procid_target
    PID 944 wrote to memory of 752     944   rundll32.exe  27
    PID 944 wrote to memory of 752     944   rundll32.exe  27
    PID 944 wrote to memory of 752     944   rundll32.exe  27
    PID 944 wrote to memory of 752     944   rundll32.exe  27
    PID 944 wrote to memory of 752     944   rundll32.exe  27
    PID 944 wrote to memory of 752     944   rundll32.exe  27
    PID 944 wrote to memory of 752     944   rundll32.exe  27
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
    PID 752 wrote to memory of 1752    752   rundll32.exe  28
Processes

  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a.dll,#1
    PID: 944
    - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\080d85b4fb230f61157fdde662290742adbd105888a575cdc692c3938376e48a.dll,#1
      PID: 752
      - Suspicious use of SetThreadContext
      - Suspicious use of WriteProcessMemory

      C:\Windows\SysWOW64\msiexec.exe
        command line: msiexec.exe
        PID: 1752
        - Suspicious use of AdjustPrivilegeToken