Analysis
max time kernel: 38s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 02/10/2022, 13:11
Static task: static1
Behavioral task: behavioral1
Sample: 718fe2a291ab3a239b85e4ecca49f3ece7748efe386ee91b940a7b2fc503722b.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 718fe2a291ab3a239b85e4ecca49f3ece7748efe386ee91b940a7b2fc503722b.dll
Resource: win10v2004-20220812-en
General
Target: 718fe2a291ab3a239b85e4ecca49f3ece7748efe386ee91b940a7b2fc503722b.dll
Size: 167KB
MD5: 6f534cb5e967f62f478e9d63cbacd970
SHA1: 2dbffb250a2a0737e71cfe5eeb3795b33a4d20ee
SHA256: 718fe2a291ab3a239b85e4ecca49f3ece7748efe386ee91b940a7b2fc503722b
SHA512: 503d3e57a2419e54b9254d9eb9245095a61deb1f7304f29972f93b3193f0f84b9cfba4c679db8b94749ba51d52b692d9f4bd3124b63473bb871f515e99131dee
SSDEEP: 1536:aI8oIFIJkuvfZ/Auwu7PVNl4ocmLVWqZ+duYTBBSxyF5S3vhCwh+wPj86bk3CLZk:aaSyxvfGuzMpYYAL5pzHeba
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 780 wrote to memory of 1648 | 780 | rundll32.exe | 27 (entry logged 7 times)
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\718fe2a291ab3a239b85e4ecca49f3ece7748efe386ee91b940a7b2fc503722b.dll,#1
  PID: 780
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\718fe2a291ab3a239b85e4ecca49f3ece7748efe386ee91b940a7b2fc503722b.dll,#1
    PID: 1648