Analysis
max time kernel: 43s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 06/10/2022, 16:11
Behavioral task: behavioral1
Sample: 1416-57-0x00000000001A0000-0x00000000001C2000-memory.dll
Resource: win7-20220812-en
1 signature, 150 seconds

Behavioral task: behavioral2
Sample: 1416-57-0x00000000001A0000-0x00000000001C2000-memory.dll
Resource: win10v2004-20220812-en
1 signature, 150 seconds
General
Target: 1416-57-0x00000000001A0000-0x00000000001C2000-memory.dll
Size: 136KB
MD5: 39a19a3c24e6aa2c23c65622adbcaccb
SHA1: 8804d9c3e451f6f2869d6b4c0a820ef98d287112
SHA256: 34c564c78cef958f7b977d1f5d8663c7b5da0852aea6661d77029af8ffe5a713
SHA512: a1f68975b1bbc820ee4bab82ec40c90610bbfef0ee6b151ee76f7dd47ec021c12a5a52719fa602a3fdcb4c509b6b42d1092f51f1e5e5f88dc9e738f0fb74f5bd
SSDEEP: 3072:Vi60vdATaEtRzQUtsA23Jpp3q8TBfVjYSw:V2AOMRzQWp23JX3q8TBtESw
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1184 wrote to memory of 964 | 1184 | rundll32.exe | 26
PID 1184 wrote to memory of 964 | 1184 | rundll32.exe | 26
PID 1184 wrote to memory of 964 | 1184 | rundll32.exe | 26
PID 1184 wrote to memory of 964 | 1184 | rundll32.exe | 26
PID 1184 wrote to memory of 964 | 1184 | rundll32.exe | 26
PID 1184 wrote to memory of 964 | 1184 | rundll32.exe | 26
PID 1184 wrote to memory of 964 | 1184 | rundll32.exe | 26
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-57-0x00000000001A0000-0x00000000001C2000-memory.dll,#1
   PID: 1184
   Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1416-57-0x00000000001A0000-0x00000000001C2000-memory.dll,#1
   PID: 964