Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 19/09/2022, 09:28
Static task: static1
Behavioral task: behavioral1
- Sample: 2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04.dll
- Resource: win10v2004-20220901-en
General
- Target: 2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04.dll
- Size: 96KB
- MD5: 8583955ffba92756cbfb1cac9f5519a1
- SHA1: deaac389556c38a6f614da0a6c2a0e85d8610b70
- SHA256: 2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04
- SHA512: 2eba3308c0bd75900a8e8213591f6a481e4cdee2eecc2811e579cc52ec6fbe1129b6cd6edca6d94763c1bf1cb5a30640b6712abd1751b71f062ff2122e4c050c
- SSDEEP: 3072:gGr6KBc2/rzux6JFFRtZyj+xKt1tEjNIk6lABD:gSnc2/r/JFPtZZCMD
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

description | pid | Process | procid_target
PID 1932 wrote to memory of 1460 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 1460 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 1460 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 1460 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 1460 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 1460 | 1932 | rundll32.exe | 28
PID 1932 wrote to memory of 1460 | 1932 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04.dll,#1
  PID: 1932
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a8aa8c9f77c83c0bde78f0db13a0d77b52fa795467a8b2f82437ead56d9bf04.dll,#1
    PID: 1460