Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

8

a594a99645...f4.dll

windows7-x64

1

a594a99645...f4.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    22s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4.dll

  • Size

    97KB

  • MD5

    818ce8100aa2f8f1fa6470a7f401e4cf

  • SHA1

    b8414f48a0373c0b060e7f0fcfd121447292d43f

  • SHA256

    a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4

  • SHA512

    eb6c1a17aee88929803442663827ae1d4152c2f180126cc07bda7f403f575a69ce7ace9ffcea876dca46f6641bf2c7336384d378637538652e2c337fc3e1b4fb

  • SSDEEP

    1536:VhAln6fjYuvecH19znu3dFlTd8UuCBmQ+u+sK8pnBGeB3sRpD:O6fVvrVhelBoLGnBGeBq

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a594a99645446611310c058a1ead316daac516142cb2d3ed4bed21f6011922f4.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1724-55-0x00000000751A1000-0x00000000751A3000-memory.dmp

    Filesize

    8KB

    Download