Analysis
- max time kernel: 44s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 02/10/2022, 09:43
Behavioral task: behavioral1
- Sample: 7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6.dll
- Resource: win10v2004-20220901-en
General
- Target: 7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6.dll
- Size: 63KB
- MD5: 6cb368470f933e72c4c9f0cbc90de8e6
- SHA1: aa45d56d643c862b6e30c1b6e76550ab05afb074
- SHA256: 7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6
- SHA512: 3aafc9af61d7af43c8091c6d6d9e12e93c5d5a87b1ea6314c45d0676d8413534e09ad2a541ccb3e3b6f5d1c787d4d542c8c9b4b847e95161b52d55bff1aec955
- SSDEEP: 1536:DVV1HTa30cRQlvmofjwLpPxFf0dbrxEobUZxyqPSwr:DVrW3xAvmZLpPx8ZxgyqDr
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1048 wrote to memory of 1928 | 1048 | rundll32.exe | 27
  PID 1048 wrote to memory of 1928 | 1048 | rundll32.exe | 27
  PID 1048 wrote to memory of 1928 | 1048 | rundll32.exe | 27
  PID 1048 wrote to memory of 1928 | 1048 | rundll32.exe | 27
  PID 1048 wrote to memory of 1928 | 1048 | rundll32.exe | 27
  PID 1048 wrote to memory of 1928 | 1048 | rundll32.exe | 27
  PID 1048 wrote to memory of 1928 | 1048 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1048
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\7edf879a9b5491001b7613e9b8fb99fb8250e6d879c22a8845d6038b37c908f6.dll,#1
    PID: 1928