Analysis
max time kernel: 44s
max time network: 49s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 14/10/2022, 10:33
Static task: static1
Behavioral task: behavioral1
Sample: fa89a16d1138b68a51d563f6a8b5d74dceaaa0c83615d890727b2bac136e1d74.dll
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: fa89a16d1138b68a51d563f6a8b5d74dceaaa0c83615d890727b2bac136e1d74.dll
Resource: win10v2004-20220812-en
General
Target: fa89a16d1138b68a51d563f6a8b5d74dceaaa0c83615d890727b2bac136e1d74.dll
Size: 5KB
MD5: 747da367c3c325b6d2f620fa0b8f21bc
SHA1: 47ec08111c4b4de4082696b8b56e29252eb5588d
SHA256: fa89a16d1138b68a51d563f6a8b5d74dceaaa0c83615d890727b2bac136e1d74
SHA512: 1edfcf86d7b858e7fe850f840b789ab5b342460c5e86786c67c5896a8829f6764b62da7d7209614276bd976d8ee8d57bf5f6c1c138a20e769c0d01d8ded4aab7
SSDEEP: 96:hy859x0P8MasVW7by3RfdF2Py+IvSjGENLfhajSS1X4:F5oLvWfy3Rfb2PnGswjSS1X4
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1696 wrote to memory of 944 | 1696 | rundll32.exe | 27
PID 1696 wrote to memory of 944 | 1696 | rundll32.exe | 27
PID 1696 wrote to memory of 944 | 1696 | rundll32.exe | 27
PID 1696 wrote to memory of 944 | 1696 | rundll32.exe | 27
PID 1696 wrote to memory of 944 | 1696 | rundll32.exe | 27
PID 1696 wrote to memory of 944 | 1696 | rundll32.exe | 27
PID 1696 wrote to memory of 944 | 1696 | rundll32.exe | 27
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa89a16d1138b68a51d563f6a8b5d74dceaaa0c83615d890727b2bac136e1d74.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1696
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa89a16d1138b68a51d563f6a8b5d74dceaaa0c83615d890727b2bac136e1d74.dll,#1
    PID: 944