Analysis
- max time kernel: 41s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 04/10/2022, 01:43
Behavioral task: behavioral1
- Sample: 8da3400f8c2e6db838f85cde9a9eef4e87d911c3f790507239831ff64f82dde0.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 8da3400f8c2e6db838f85cde9a9eef4e87d911c3f790507239831ff64f82dde0.dll
- Resource: win10v2004-20220812-en
General
- Target: 8da3400f8c2e6db838f85cde9a9eef4e87d911c3f790507239831ff64f82dde0.dll
- Size: 73KB
- MD5: 1001b213e70ef49469ab93e8a6d13fe2
- SHA1: 538cbf8622e9c5a63b912a35315e77026b6c251a
- SHA256: 8da3400f8c2e6db838f85cde9a9eef4e87d911c3f790507239831ff64f82dde0
- SHA512: e447ae54cb8de6a8103ecb87a0992ea3b404665b04be3e17f3d32bb26865e8108f382cb3a46a2fbb8b634a75cadafd12ddbe76da4e8819ad2d9b2c6b696354bf
- SSDEEP: 1536:MhBRVgrExucMlAz5nHc4PzeIdq7RX1gIc1o8VChHEithtB:cRRsr4847dq7RaI6ovhHEkB
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid    Process        procid_target
  PID 1044 wrote to memory of 1368   1044   rundll32.exe   28
  PID 1044 wrote to memory of 1368   1044   rundll32.exe   28
  PID 1044 wrote to memory of 1368   1044   rundll32.exe   28
  PID 1044 wrote to memory of 1368   1044   rundll32.exe   28
  PID 1044 wrote to memory of 1368   1044   rundll32.exe   28
  PID 1044 wrote to memory of 1368   1044   rundll32.exe   28
  PID 1044 wrote to memory of 1368   1044   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8da3400f8c2e6db838f85cde9a9eef4e87d911c3f790507239831ff64f82dde0.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1044
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8da3400f8c2e6db838f85cde9a9eef4e87d911c3f790507239831ff64f82dde0.dll,#1
    PID: 1368