Analysis
- max time kernel: 45s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 20/10/2022, 16:33
Behavioral task behavioral1
- Sample: 5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c.dll
- Resource: win7-20220901-en
Behavioral task behavioral2
- Sample: 5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c.dll
- Resource: win10v2004-20220901-en
General
- Target: 5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c.dll
- Size: 65KB
- MD5: 96eb58210dfcfa7bd3d74deb2369c600
- SHA1: cdc118a290ddc9951c4f552bf9d9afa1398405bc
- SHA256: 5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c
- SHA512: 630d7fdca1cc4510051b5983f9c12cdb9c511e0d290a0b9bdc729033aae53fd4e1f5dfab2425b572e9005745e4a84ea18b24741fdbe6a954a5135f60df4db877
- SSDEEP: 1536:K3lut2L47vQkODCES8wFmasu6pqd5O7+vuQhwo:QluSeQkODCEDWm+urfYx
Malware Config
Signatures
- YARA rule match
  resource: behavioral1/memory/1696-56-0x0000000010000000-0x000000001004E000-memory.dmp
  yara_rule: upx
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 852 wrote to memory of 1696 | 852 | rundll32.exe | 27
  PID 852 wrote to memory of 1696 | 852 | rundll32.exe | 27
  PID 852 wrote to memory of 1696 | 852 | rundll32.exe | 27
  PID 852 wrote to memory of 1696 | 852 | rundll32.exe | 27
  PID 852 wrote to memory of 1696 | 852 | rundll32.exe | 27
  PID 852 wrote to memory of 1696 | 852 | rundll32.exe | 27
  PID 852 wrote to memory of 1696 | 852 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe (PID 852)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1696)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5dca099eaa9d1d823121414d669380ac69f97af4382e71ca7367a7480bfc9d8c.dll,#1