Analysis
- max time kernel: 44s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 21/10/2022, 04:13
Behavioral task: behavioral1
- Sample: 66518898514a7a6390e86f1e47fb54f861d4c8018b8ae13b8026179adb6cfeb0.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 66518898514a7a6390e86f1e47fb54f861d4c8018b8ae13b8026179adb6cfeb0.dll
- Resource: win10v2004-20220812-en
General
- Target: 66518898514a7a6390e86f1e47fb54f861d4c8018b8ae13b8026179adb6cfeb0.dll
- Size: 98KB
- MD5: 71c45ca05481d04355d03253d3e706ba
- SHA1: 40864404d6be1777ce7de2f1e1468b1cf00fecdf
- SHA256: 66518898514a7a6390e86f1e47fb54f861d4c8018b8ae13b8026179adb6cfeb0
- SHA512: 221a73c4e4a3901c34a04c357103193da643caabe406d6f25f2562c780a5d12dedc0063a5e683dbdf330b7dbe08ae1960f1c14608389f55fdeee543996582e56
- SSDEEP: 1536:2ZfRBV0QVXvur5Y73nzgjdLVeQrBIXt0R1aeSa97P7k01A:UfRBuQVX25Y7wFZrBcKvSahu
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1724 wrote to memory of 2032 | 1724 | rundll32.exe | 27
  PID 1724 wrote to memory of 2032 | 1724 | rundll32.exe | 27
  PID 1724 wrote to memory of 2032 | 1724 | rundll32.exe | 27
  PID 1724 wrote to memory of 2032 | 1724 | rundll32.exe | 27
  PID 1724 wrote to memory of 2032 | 1724 | rundll32.exe | 27
  PID 1724 wrote to memory of 2032 | 1724 | rundll32.exe | 27
  PID 1724 wrote to memory of 2032 | 1724 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66518898514a7a6390e86f1e47fb54f861d4c8018b8ae13b8026179adb6cfeb0.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66518898514a7a6390e86f1e47fb54f861d4c8018b8ae13b8026179adb6cfeb0.dll,#12⤵
  PID:2032