Analysis
max time kernel
46s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags
arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted
11/10/2022, 12:15
Static task
static1
Behavioral task
behavioral1
Sample
633f26cb91791e39e883ad7e236ce401be54192759797665aaf1e73c9f2944c4.dll
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
633f26cb91791e39e883ad7e236ce401be54192759797665aaf1e73c9f2944c4.dll
Resource
win10v2004-20220812-en
General
Target
633f26cb91791e39e883ad7e236ce401be54192759797665aaf1e73c9f2944c4.dll
Size
301KB
MD5
44f24f30b8120e3ae6e24fedb56d3020
SHA1
623253b6e3c247d6b6fa7c80aac1978ad62d3e8e
SHA256
633f26cb91791e39e883ad7e236ce401be54192759797665aaf1e73c9f2944c4
SHA512
bb0b114d9c578e8a75af0244f54333661dd12477a7a95b04c9e3b663cfbce824151de05442c820ed63582d206358c06ba2cc06ded0c5bf4c7eca4d4c386b9319
SSDEEP
6144:Yb4JXj7ipduZ3MmXrwmnS6jcEsZZRvZOUp9jb8CgpsLl4sRSBdl68+xuL:/E/u9cpT9sCgpb4S68+Y
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description                      pid   Process       procid_target
PID 1720 wrote to memory of 996  1720  rundll32.exe  27
PID 1720 wrote to memory of 996  1720  rundll32.exe  27
PID 1720 wrote to memory of 996  1720  rundll32.exe  27
PID 1720 wrote to memory of 996  1720  rundll32.exe  27
PID 1720 wrote to memory of 996  1720  rundll32.exe  27
PID 1720 wrote to memory of 996  1720  rundll32.exe  27
PID 1720 wrote to memory of 996  1720  rundll32.exe  27
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\633f26cb91791e39e883ad7e236ce401be54192759797665aaf1e73c9f2944c4.dll,#11
- Suspicious use of WriteProcessMemory
PID:1720
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\633f26cb91791e39e883ad7e236ce401be54192759797665aaf1e73c9f2944c4.dll,#12
PID:996