Analysis
max time kernel: 429s
max time network: 433s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 26/10/2022, 22:39
Static task: static1
Behavioral task: behavioral1
  Sample: 852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e.dll
  Resource: win10v2004-20220901-en
General
Target: 852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e.dll
Size: 11KB
MD5: 2563874010c5adf9009cb9b231c3d0fc
SHA1: 379db96603a3d0264ea2840de47da19aee38b1c9
SHA256: 852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e
SHA512: c54f9d168978e834126768c5799cb9068f65dff6beabce73b7298202425f78f7f7c01ec7d4949f07c7157067993a1c3da93071fe950a0faab4d96c28abbd6412
SSDEEP: 192:lauTvq4xfawaSuRCi8LKcrSCI1EtuXUqsENhqj1acYu9x0ylNmsUJiSIqLVJTho7:ld7q4VawaSuiSOtuEohqj1XYux00mwq6
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (23 IoCs)
  description                               pid   Process
  Token: SeIncreaseQuotaPrivilege           1360  rundll32.exe
  Token: SeSecurityPrivilege                1360  rundll32.exe
  Token: SeTakeOwnershipPrivilege           1360  rundll32.exe
  Token: SeLoadDriverPrivilege              1360  rundll32.exe
  Token: SeSystemProfilePrivilege           1360  rundll32.exe
  Token: SeSystemtimePrivilege              1360  rundll32.exe
  Token: SeProfSingleProcessPrivilege       1360  rundll32.exe
  Token: SeIncBasePriorityPrivilege         1360  rundll32.exe
  Token: SeCreatePagefilePrivilege          1360  rundll32.exe
  Token: SeBackupPrivilege                  1360  rundll32.exe
  Token: SeRestorePrivilege                 1360  rundll32.exe
  Token: SeShutdownPrivilege                1360  rundll32.exe
  Token: SeDebugPrivilege                   1360  rundll32.exe
  Token: SeSystemEnvironmentPrivilege       1360  rundll32.exe
  Token: SeChangeNotifyPrivilege            1360  rundll32.exe
  Token: SeRemoteShutdownPrivilege          1360  rundll32.exe
  Token: SeUndockPrivilege                  1360  rundll32.exe
  Token: SeManageVolumePrivilege            1360  rundll32.exe
  Token: SeImpersonatePrivilege             1360  rundll32.exe
  Token: SeCreateGlobalPrivilege            1360  rundll32.exe
  Token: 33                                 1360  rundll32.exe
  Token: 34                                 1360  rundll32.exe
  Token: 35                                 1360  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  description                         pid   Process       procid_target
  PID 1512 wrote to memory of 1360    1512  rundll32.exe  27
  PID 1512 wrote to memory of 1360    1512  rundll32.exe  27
  PID 1512 wrote to memory of 1360    1512  rundll32.exe  27
  PID 1512 wrote to memory of 1360    1512  rundll32.exe  27
  PID 1512 wrote to memory of 1360    1512  rundll32.exe  27
  PID 1512 wrote to memory of 1360    1512  rundll32.exe  27
  PID 1512 wrote to memory of 1360    1512  rundll32.exe  27
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e.dll,#1
  PID: 1512
  Signatures: Suspicious use of WriteProcessMemory
  Child: C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\852c45049ec6e384dea40e3cc70479ad06015277646cf30da7ef9a038de9267e.dll,#1
    PID: 1360
    Signatures: Suspicious use of AdjustPrivilegeToken