Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 40s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 21/10/2022, 00:56
Static task: static1

Behavioral task: behavioral1
- Sample: 0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4.dll
- Resource: win7-20220812-en

Behavioral task: behavioral2
- Sample: 0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4.dll
- Resource: win10v2004-20220812-en
General
- Target: 0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4.dll
- Size: 76KB
- MD5: 20aa27036fda116cf29ac449b7ed78f5
- SHA1: b6685fd04b74a8da91bbfd4d185649a31424945b
- SHA256: 0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4
- SHA512: e78b497f52e74b414da5976330c2b9aba197e3249f948266dcf75243ee0425a2d2d5d81b0f279de21fc83b08336a3674c580a7ab6cd2463be631b69da55d9c34
- SSDEEP: 1536:U21tgmSiRUEaS/wZFzWZOG5nPAqr0/Q8QuiF1FmCg6wFRfm:Uo2iJ5IZFCz1oK8Cgbm
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                        | pid  | Process      | procid_target
  PID 1416 wrote to memory of 2040   | 1416 | rundll32.exe | 27
  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe (PID: 1416)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 2040, child of PID 1416)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\0571ffb1df662f09644a846ce8638dea5ea55a46c3d71f49492b8a069d5a11c4.dll,#1