Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    41s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 19:31

General

  • Target

    5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415.dll

  • Size

    409KB

  • MD5

    682fa833b3d4972447a62e2e6dd69ecf

  • SHA1

    ecab1dd992f16a0c80b92ff06690f5507f7ff07a

  • SHA256

    5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415

  • SHA512

    e6a14a2bb5f584d794325569fff63c403a4e5648beca66753e30deb81b30be7b8aacc833ca4bccfcb1b2b86a04f645d5c889b1638bfcea728945aa33dc46a700

  • SSDEEP

    6144:CzNwdVwRCKV7aIRaPkEZkLeDtqhPlFgLOqk2R7ZsJGekvuc6c4md4b/Xut2:EqwXnRaRWLeDtqhPl8tR7WMWc6Yd4rM2

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415.dll,#1
      2⤵
        PID:2008

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2008-55-0x0000000076181000-0x0000000076183000-memory.dmp

      Filesize

      8KB

    • memory/2008-56-0x0000000010000000-0x0000000010122000-memory.dmp

      Filesize

      1.1MB