Analysis
max time kernel: 42s
max time network: 51s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 11/10/2022, 10:01
Static task: static1
Behavioral task: behavioral1
  Sample: 05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152.dll
  Resource: win7-20220901-en
  1 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: 05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152.dll
  Resource: win10v2004-20220812-en
  1 signatures
  150 seconds
General
Target: 05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152.dll
Size: 4KB
MD5: 74d0d1a45bc8ee620e13b127581cb0ce
SHA1: ff8636c9987c4f6354831f2fa8179610701826f0
SHA256: 05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152
SHA512: a8e24e367cab962d171b8ab9c837daadf9538bd073dd70609d0e6bddbeccd7af6789d21a7c3afee838b40b19d9ee68f1186a7998d1e7ccc75ef055c10674562a
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1276 wrote to memory of 620 | 1276 | rundll32.exe | 27
PID 1276 wrote to memory of 620 | 1276 | rundll32.exe | 27
PID 1276 wrote to memory of 620 | 1276 | rundll32.exe | 27
PID 1276 wrote to memory of 620 | 1276 | rundll32.exe | 27
PID 1276 wrote to memory of 620 | 1276 | rundll32.exe | 27
PID 1276 wrote to memory of 620 | 1276 | rundll32.exe | 27
PID 1276 wrote to memory of 620 | 1276 | rundll32.exe | 27
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152.dll,#1
   PID: 1276
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\05af6b7f29040d1cba0b8c48905520a798f2573f3190cafb018bcb100e2b3152.dll,#1
   PID: 620