Analysis

  • max time kernel
    37s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
  • submitted
    30/10/2022, 07:46

General

  • Target

    c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll

  • Size

    79KB

  • MD5

    93353ce06791d05e79229d408acdef13

  • SHA1

    83be628328312c00de32bceaaca8b8587dad7d41

  • SHA256

    c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996

  • SHA512

    69bdae2581a867bb60d5e01696c2f31fd7df69e46e2f5c544c42c76e233ff1ea252d565377fb5d97b2828ee433824e6b7cce2ff4d53a3a1abf291f4065dbcdb7

  • SSDEEP

    1536:evCWSWkJ/gnBXgdz61EJPaw1JZbmjKINsI0jfs8rUqyrXbG:ESWUwkzJEDiI0bBgqyrLG

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll,#1
      2⤵
        PID:1548

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/1548-55-0x0000000075561000-0x0000000075563000-memory.dmp

      Filesize

      8KB

    • memory/1548-56-0x0000000010000000-0x000000001000C000-memory.dmp

      Filesize

      48KB