Analysis
- max time kernel: 30s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 11/10/2022, 05:36
Static task
- static1

Behavioral task
- behavioral1
- Sample: fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130.dll
- Resource: win7-20220812-en

Behavioral task
- behavioral2
- Sample: fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130.dll
- Resource: win10v2004-20220812-en

General
- Target: fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130.dll
- Size: 180KB
- MD5: 4a17c4c5e92767295c8178374eedc580
- SHA1: 46931156840d571d8176d56109fc1571fb3f2b7b
- SHA256: fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130
- SHA512: c38c8855df21a675dc7ae5531bda70de3a19d713d92d8cbb0b11c35ce2e68be8abf5f722e9f2487cb7a779630b6f9050db1b81e9b0572cebd1170c5bacdb9565
- SSDEEP: 1536:SxtFX0sTdAiM82kT0Vffug2gciLDn2oQLRs2xUyfocl6p6o0/iad4kcA9SqAkeNX:yBTd9GVto7oQVs2Cyff26o0bZ9Sv1

Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description | pid | Process | procid_target
  PID 1472 wrote to memory of 308 | 1472 | rundll32.exe | 28
  PID 1472 wrote to memory of 308 | 1472 | rundll32.exe | 28
  PID 1472 wrote to memory of 308 | 1472 | rundll32.exe | 28
  PID 1472 wrote to memory of 308 | 1472 | rundll32.exe | 28
  PID 1472 wrote to memory of 308 | 1472 | rundll32.exe | 28
  PID 1472 wrote to memory of 308 | 1472 | rundll32.exe | 28
  PID 1472 wrote to memory of 308 | 1472 | rundll32.exe | 28

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130.dll,#11
  PID: 1472
  Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb8d6a7230e057690d5d042122bfef84f73f3d21144445a2f8b1daf97ba35130.dll,#12
  PID: 308