Analysis
max time kernel: 38s
max time network: 41s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29/10/2022, 20:13
Static task: static1
Behavioral task: behavioral1
  Sample: d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll
  Resource: win10v2004-20220901-en
General
Target: d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll
Size: 265KB
MD5: a37e1fe9878fcb911b0b3aa7734bf4e0
SHA1: 902a6f27f51f67f7d3db4d77ee593d14a894d72e
SHA256: d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7
SHA512: d293edc2d22ea9ee80871ededc16b99c471a6cba43cb110193f54f736b746461e013bef10166f869cb13954200a8dedadc3ae129819a351ce0385392e2e1a4f7
SSDEEP: 3072:GXWAGrvnenIwFuAIgmGQd0OyRj+6EFfKwfD/QVNXtddSKqP0k/E:GXWAqaIwKFCwb0tdNqP0E
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 1672 wrote to memory of 1644  1672  rundll32.exe  27
PID 1672 wrote to memory of 1644  1672  rundll32.exe  27
PID 1672 wrote to memory of 1644  1672  rundll32.exe  27
PID 1672 wrote to memory of 1644  1672  rundll32.exe  27
PID 1672 wrote to memory of 1644  1672  rundll32.exe  27
PID 1672 wrote to memory of 1644  1672  rundll32.exe  27
PID 1672 wrote to memory of 1644  1672  rundll32.exe  27
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1672
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d5f709066100504066076108fc2d7cf1761f5ec60def036dffe7c34823a33ba7.dll,#1
    PID: 1644