Analysis
- max time kernel: 47s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 04/10/2022, 04:35
Static task: static1
Behavioral task: behavioral1
- Sample: 3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458.dll
- Resource: win10v2004-20220901-en
General
- Target: 3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458.dll
- Size: 300KB
- MD5: 5ce56c5100e83633653a9eba854524ce
- SHA1: cdeef6853b5dec0dee4748441b6df013c5967997
- SHA256: 3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458
- SHA512: 6744e90b7dd5734660da660ed2b143da1930230227e3b2084a2628dd84b34ccb8b538012ae1897627d24bdbbf635d74f41774720c361419384e51a169b39832c
- SSDEEP: 6144:YS08N/IjM1MvBjBk4WNFJoxtFti+nq9mgLGgAlk:YSnNAj8NJWPq9DLn+
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | 27
  PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | 27
  PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | 27
  PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | 27
  PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | 27
  PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | 27
  PID 1768 wrote to memory of 1112 | 1768 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1768
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3543cc59817711b7d4969e50b44b222ca0ba5a6f43e1abedd9e22c2d4d8e9458.dll,#12⤵
    PID:1112