Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

9

891b1674c1...ad.dll

windows7-x64

8

891b1674c1...ad.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 07:43 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad.dll

  • Size

    73KB

  • MD5

    a2dbb634ca51ca67362958c837e88bdf

  • SHA1

    893457f7148af7f4ca3bf6f605052d796782ce15

  • SHA256

    891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad

  • SHA512

    a8e557f81bfad1429aae58742153b552f7ce95cdae91811782afda63bf445f465375087c2e7d785b36812ab5e2a865aa0a5f7c5f61b4963a49e5b285fe7b2b4d

  • SSDEEP

    1536:dQ76ypVpWpIWsaKMZ8oxYhAdOeN8iZfwqsid1hZLk6xD:S75VHWnlDYhBZinsid3ZLkg

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\891b1674c1944eec6444846f3387fc3d93b6240104ad7813bca0d0642d465cad.dll,#1
      2⤵
        PID:2008

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2008-55-0x0000000075A81000-0x0000000075A83000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2008-56-0x0000000010000000-0x000000001000E000-memory.dmp

      Filesize

      56KB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.