Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
37s -
max time network
44s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
30/10/2022, 07:46
Behavioral task
behavioral1
Sample
c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll
Resource
win10v2004-20220901-en
General
-
Target
c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll
-
Size
79KB
-
MD5
93353ce06791d05e79229d408acdef13
-
SHA1
83be628328312c00de32bceaaca8b8587dad7d41
-
SHA256
c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996
-
SHA512
69bdae2581a867bb60d5e01696c2f31fd7df69e46e2f5c544c42c76e233ff1ea252d565377fb5d97b2828ee433824e6b7cce2ff4d53a3a1abf291f4065dbcdb7
-
SSDEEP
1536:evCWSWkJ/gnBXgdz61EJPaw1JZbmjKINsI0jfs8rUqyrXbG:ESWUwkzJEDiI0bBgqyrLG
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/1548-56-0x0000000010000000-0x000000001000C000-memory.dmp upx -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1228 wrote to memory of 1548 1228 rundll32.exe 27 PID 1228 wrote to memory of 1548 1228 rundll32.exe 27 PID 1228 wrote to memory of 1548 1228 rundll32.exe 27 PID 1228 wrote to memory of 1548 1228 rundll32.exe 27 PID 1228 wrote to memory of 1548 1228 rundll32.exe 27 PID 1228 wrote to memory of 1548 1228 rundll32.exe 27 PID 1228 wrote to memory of 1548 1228 rundll32.exe 27
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1228 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c6f90e621ee11a60f96d74d07ca22d43467f6f71a51bd5226996ab8ff86ab996.dll,#12⤵PID:1548
-