Analysis
max time kernel: 41s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 12/10/2022, 16:57
Behavioral task: behavioral1
Sample: 3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll
Resource: win10v2004-20220812-en
General
Target: 3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll
Size: 94KB
MD5: 595f6335fbaa81038533cf0b43375b41
SHA1: 8baa187cf8cd08c6786b8b2f5c1589c0a2094c76
SHA256: 3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27
SHA512: e3cafb18b3e57f4482ccccdc90f5d1cd1034b2b8764489491c4e95c0932c340ebb0cc8fb39f8de46627924c9fe277a5f15f619459c74ab3a2c86c5cfc5a0584c
SSDEEP: 1536:dC42owFQhOndUNOyTV0Xvn8RPpPEzA/7tK9i3y8/Pmgz+amTOwrPVsEP4awac:dFhw9d6TQ8sA/7U9axJzfZwrNsEnM
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  896   rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid    Process        procid_target
  PID 1812 wrote to memory of 896   1812   rundll32.exe   28
  PID 1812 wrote to memory of 896   1812   rundll32.exe   28
  PID 1812 wrote to memory of 896   1812   rundll32.exe   28
  PID 1812 wrote to memory of 896   1812   rundll32.exe   28
  PID 1812 wrote to memory of 896   1812   rundll32.exe   28
  PID 1812 wrote to memory of 896   1812   rundll32.exe   28
  PID 1812 wrote to memory of 896   1812   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1812
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f812f1c8f7b16e7cd36d4366134232e560398ef9cdfb66218fc551378e4ab27.dll,#1
    - Suspicious behavior: EnumeratesProcesses
    PID: 896