Analysis
- max time kernel: 40s
- max time network: 44s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 20/10/2022, 20:15
Static task: static1
Behavioral task: behavioral1
- Sample: 58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55.dll
- Resource: win10v2004-20220812-en
General
- Target: 58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55.dll
- Size: 152KB
- MD5: a04c938a3bf7b649f6120b7b9d7893b5
- SHA1: 99b7fbcf2ec02ce1c2a5d94c05f359efd974588c
- SHA256: 58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55
- SHA512: 82d6663db00addb5789b93b8e0b70a61445b77d8924c0068c0660960fac89c83a92cc97ff079b081ae8c1cba22beab31e6b8dc56c5f6a72c013de0232d845b7f
- SSDEEP: 1536:KgI9IJkuvfZ/AuwBV/ixMSxzylHb/ZNoB4seHUvPJJw/bKSpYJ3XOOoSH/B:T6yxvfGBV/nVNseHiPDwDCToSH/
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1148 wrote to memory of 548 | 1148 | rundll32.exe | 27
  PID 1148 wrote to memory of 548 | 1148 | rundll32.exe | 27
  PID 1148 wrote to memory of 548 | 1148 | rundll32.exe | 27
  PID 1148 wrote to memory of 548 | 1148 | rundll32.exe | 27
  PID 1148 wrote to memory of 548 | 1148 | rundll32.exe | 27
  PID 1148 wrote to memory of 548 | 1148 | rundll32.exe | 27
  PID 1148 wrote to memory of 548 | 1148 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55.dll,#1
  PID: 1148
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\58909812f80cde84f63b2998df7d5a83fb96c92dc0b1e80eb4f2aed64bc29f55.dll,#1
    PID: 548