Analysis
- max time kernel: 28s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 19/10/2022, 14:10
Static task
static1
Behavioral task
behavioral1
Sample
cc87b82b8af6d906657bc373fcdb7b8a48035ed8b651da3424de6ba10d11659f.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
cc87b82b8af6d906657bc373fcdb7b8a48035ed8b651da3424de6ba10d11659f.dll
Resource
win10v2004-20220812-en
General
- Target:
cc87b82b8af6d906657bc373fcdb7b8a48035ed8b651da3424de6ba10d11659f.dll
- Size:
337KB
- MD5:
90a2bb9629a8910139ec1979eea58a81
- SHA1:
31be20f28a421697fd0413f0ea384c46692ea7d3
- SHA256:
cc87b82b8af6d906657bc373fcdb7b8a48035ed8b651da3424de6ba10d11659f
- SHA512:
4e63887a681d5d44a3d454fb926d78b0314002184d2057c8f32185c29d4125ed6849b306eade806609f6c3cf8e77cfe509c1befe45e61edffc885174646ed8c6
- SSDEEP:
6144:WS9akwp1uXbe3swM22Rk4IfyBKJ5IJteVvWtPfrHGo4eun:R9aZvuy3swM2VjBesvWtCo4Dn
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1692 wrote to memory of 1448 | 1692 | rundll32.exe | 28
  PID 1692 wrote to memory of 1448 | 1692 | rundll32.exe | 28
  PID 1692 wrote to memory of 1448 | 1692 | rundll32.exe | 28
  PID 1692 wrote to memory of 1448 | 1692 | rundll32.exe | 28
  PID 1692 wrote to memory of 1448 | 1692 | rundll32.exe | 28
  PID 1692 wrote to memory of 1448 | 1692 | rundll32.exe | 28
  PID 1692 wrote to memory of 1448 | 1692 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc87b82b8af6d906657bc373fcdb7b8a48035ed8b651da3424de6ba10d11659f.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 1692
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc87b82b8af6d906657bc373fcdb7b8a48035ed8b651da3424de6ba10d11659f.dll,#12⤵
  PID: 1448