Analysis
max time kernel: 149s
max time network: 151s
platform: windows7_x64
resource: win7-en-20211208
submitted: 09/03/2022, 13:35
Static task: static1
Behavioral task: behavioral1
Sample: 08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31.dll
Resource: win7-en-20211208
General
Target: 08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31.dll
Size: 438KB
MD5: 1d09fc6d3308be3bfcc43fe2a8205263
SHA1: 07e2d91dc8c1f550baf7e613a5a77f6d575b27d1
SHA256: 08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31
SHA512: e83080ff09630198f32e8b86a9ac391b9637d8e16b535d05c80037497c522f7fffe2c005ecfb713b85c4a6f529533d33424ed75312e05bd1b458975d53df8deb
Malware Config
Extracted: zloader / kev / 02/12
build_id: 261
Signatures

Blocklisted process makes network request (54 IoCs)
flow  pid  Process
5     976  msiexec.exe
6     976  msiexec.exe
7     976  msiexec.exe
8     976  msiexec.exe
9     976  msiexec.exe
10    976  msiexec.exe
11    976  msiexec.exe
12    976  msiexec.exe
13    976  msiexec.exe
14    976  msiexec.exe
15    976  msiexec.exe
16    976  msiexec.exe
17    976  msiexec.exe
18    976  msiexec.exe
19    976  msiexec.exe
20    976  msiexec.exe
21    976  msiexec.exe
22    976  msiexec.exe
23    976  msiexec.exe
24    976  msiexec.exe
25    976  msiexec.exe
27    976  msiexec.exe
28    976  msiexec.exe
29    976  msiexec.exe
33    976  msiexec.exe
34    976  msiexec.exe
35    976  msiexec.exe
36    976  msiexec.exe
37    976  msiexec.exe
38    976  msiexec.exe
41    976  msiexec.exe
42    976  msiexec.exe
43    976  msiexec.exe
44    976  msiexec.exe
45    976  msiexec.exe
46    976  msiexec.exe
47    976  msiexec.exe
48    976  msiexec.exe
49    976  msiexec.exe
50    976  msiexec.exe
51    976  msiexec.exe
52    976  msiexec.exe
53    976  msiexec.exe
54    976  msiexec.exe
55    976  msiexec.exe
56    976  msiexec.exe
57    976  msiexec.exe
58    976  msiexec.exe
59    976  msiexec.exe
60    976  msiexec.exe
61    976  msiexec.exe
63    976  msiexec.exe
64    976  msiexec.exe
65    976  msiexec.exe

Suspicious use of SetThreadContext (1 IoCs)
description                         pid   Process       procid_target
PID 1804 set thread context of 976  1804  rundll32.exe  28

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description                 pid  Process
Token: SeSecurityPrivilege  976  msiexec.exe
Token: SeSecurityPrivilege  976  msiexec.exe

Suspicious use of WriteProcessMemory (16 IoCs)
description                        pid   Process       procid_target
PID 1184 wrote to memory of 1804   1184  rundll32.exe  27
PID 1184 wrote to memory of 1804   1184  rundll32.exe  27
PID 1184 wrote to memory of 1804   1184  rundll32.exe  27
PID 1184 wrote to memory of 1804   1184  rundll32.exe  27
PID 1184 wrote to memory of 1804   1184  rundll32.exe  27
PID 1184 wrote to memory of 1804   1184  rundll32.exe  27
PID 1184 wrote to memory of 1804   1184  rundll32.exe  27
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
PID 1804 wrote to memory of 976    1804  rundll32.exe  28
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31.dll,#1
   PID: 1184
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31.dll,#1
      PID: 1804
      - Suspicious use of SetThreadContext
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\SysWOW64\msiexec.exe
         Command line: msiexec.exe
         PID: 976
         - Blocklisted process makes network request
         - Suspicious use of AdjustPrivilegeToken