Analysis
max time kernel: 39s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 19/09/2022, 09:17
Static task: static1
Behavioral task: behavioral1
  Sample: 092a8e3625cc3b7bdc7ff3173e2653ffd16f0432355ec1924cc3cf804a2169ed.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 092a8e3625cc3b7bdc7ff3173e2653ffd16f0432355ec1924cc3cf804a2169ed.dll
  Resource: win10v2004-20220812-en
General
Target: 092a8e3625cc3b7bdc7ff3173e2653ffd16f0432355ec1924cc3cf804a2169ed.dll
Size: 80KB
MD5: 9a45f2d396b470928bda7ceb7d3473b9
SHA1: 408061df9595e40bad6351b46a374fc309be5914
SHA256: 092a8e3625cc3b7bdc7ff3173e2653ffd16f0432355ec1924cc3cf804a2169ed
SHA512: fd4de9a0cf4a93427442bd66d85bb006b9ced2d2d7657af54566216e416711295af1803f63de7e795e41d0ce400612602f101c59c5ec2561a7ac17ecc3ef44b4
SSDEEP: 1536:qyIumrS8mhZGI1UW6Mqd8M1HOQ6/K3cuyj/S5R3d63B3:derjmhcGV6Mqdt1uQ6/K3cu4w2B3
Malware Config
Signatures

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
  description                   ioc                  Process
  File opened for modification  \??\PhysicalDrive0   rundll32.exe

Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  1384  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   Process       procid_target
  PID 1112 wrote to memory of 1384  1112  rundll32.exe  26
  (the same event is recorded 7 times)
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\092a8e3625cc3b7bdc7ff3173e2653ffd16f0432355ec1924cc3cf804a2169ed.dll,#1
   PID: 1112
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\092a8e3625cc3b7bdc7ff3173e2653ffd16f0432355ec1924cc3cf804a2169ed.dll,#1
      PID: 1384
      - Writes to the Master Boot Record (MBR)
      - Suspicious behavior: EnumeratesProcesses