Analysis
- max time kernel: 41s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 03/10/2022, 19:31
Behavioral task: behavioral1
- Sample: 5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415.dll
- Resource: win10v2004-20220812-en
General
- Target: 5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415.dll
- Size: 409KB
- MD5: 682fa833b3d4972447a62e2e6dd69ecf
- SHA1: ecab1dd992f16a0c80b92ff06690f5507f7ff07a
- SHA256: 5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415
- SHA512: e6a14a2bb5f584d794325569fff63c403a4e5648beca66753e30deb81b30be7b8aacc833ca4bccfcb1b2b86a04f645d5c889b1638bfcea728945aa33dc46a700
- SSDEEP: 6144:CzNwdVwRCKV7aIRaPkEZkLeDtqhPlFgLOqk2R7ZsJGekvuc6c4md4b/Xut2:EqwXnRaRWLeDtqhPl8tR7WMWc6Yd4rM2
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
  PID 1932 wrote to memory of 2008 | 1932 | rundll32.exe | 28
Processes
- 1. C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415.dll,#1
  PID: 1932
  - Suspicious use of WriteProcessMemory
- 2. C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f6ea5c82f85fc42e3c5609dd6c31d3ecbac3adbca28013947b6ebf5bd496415.dll,#1
  PID: 2008