Analysis
max time kernel: 21s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 04/10/2022, 05:42
Static task: static1
Behavioral task: behavioral1
  Sample: e54bd1f30f8d1569dda12f540224f01f43cf12deb7abd3d7a63dcd4ff14914fc.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: e54bd1f30f8d1569dda12f540224f01f43cf12deb7abd3d7a63dcd4ff14914fc.dll
  Resource: win10v2004-20220812-en
General
Target: e54bd1f30f8d1569dda12f540224f01f43cf12deb7abd3d7a63dcd4ff14914fc.dll
Size: 274KB
MD5: 4f32ddcce8b70f220daf51bacd506fd2
SHA1: 4a139408ce294b27e49f8be38b18511c1a6b4ae7
SHA256: e54bd1f30f8d1569dda12f540224f01f43cf12deb7abd3d7a63dcd4ff14914fc
SHA512: 3430a77000b9b145d1b39d5f75569d9b210f8f77a4bbe57ecaa64249b380e26c0d6dff09c6d64cd265419a7472a1c0935dda30e6d76197f34cc82e2ed5cd309e
SSDEEP: 6144:uTGXCfq3+QonIjWWMgXebaPbGfrdz6yFoBrFhVVwJXP:25y3V0IiWrKfBW+QzVVw5P
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  1892  rundll32.exe
Suspicious use of SetWindowsHookEx (64 IoCs)
  pid   Process
  1892  rundll32.exe  (64 identical entries)
Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   Process       procid_target
  PID 2004 wrote to memory of 1892  2004  rundll32.exe  28  (7 identical entries)
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e54bd1f30f8d1569dda12f540224f01f43cf12deb7abd3d7a63dcd4ff14914fc.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2004
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e54bd1f30f8d1569dda12f540224f01f43cf12deb7abd3d7a63dcd4ff14914fc.dll,#1
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID: 1892