Analysis
max time kernel: 7s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 01/10/2022, 20:42
Static task: static1
Behavioral task: behavioral1
  Sample: f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll
  Resource: win10v2004-20220812-en
General
Target: f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll
Size: 65KB
MD5: 0a076baeac651727eee5f8af019632d4
SHA1: aea8b091e7ddf20f10de0b308680766cf45fd68d
SHA256: f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3
SHA512: f77891785e4745ac6a078fbd17eaae9c4a54764976af3a8df76dc311d94c0bc3a856796e300acdc2433d2a3e9f9aa682d05dfe092ac8c9ce44ac9a2dd2e3168f
SSDEEP: 1536:5SwlKC19SnIhSm9st4uqR/4QgmNSV+a9WTWaR4+PfDp+:lAM9so54Q0p96Z4+30
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                          pid   Process       procid_target
PID 2040 wrote to memory of 844      2040  rundll32.exe  28
PID 2040 wrote to memory of 844      2040  rundll32.exe  28
PID 2040 wrote to memory of 844      2040  rundll32.exe  28
PID 2040 wrote to memory of 844      2040  rundll32.exe  28
PID 2040 wrote to memory of 844      2040  rundll32.exe  28
PID 2040 wrote to memory of 844      2040  rundll32.exe  28
PID 2040 wrote to memory of 844      2040  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2040
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1a02f4af47d3ee54ebe31cf856ba23e47f0361751da541d670ce7b027155ee3.dll,#1
    PID: 844