Analysis
- max time kernel: 144s
- max time network: 52s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 30/10/2022, 12:34
Static task: static1
Behavioral task: behavioral1
- Sample: 8dbdebfc68fc2b217a7d5baab5134b6862dc51bcc140a71b7752512d23c201dc.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 8dbdebfc68fc2b217a7d5baab5134b6862dc51bcc140a71b7752512d23c201dc.dll
- Resource: win10v2004-20220812-en
General
- Target: 8dbdebfc68fc2b217a7d5baab5134b6862dc51bcc140a71b7752512d23c201dc.dll
- Size: 16KB
- MD5: 84a3e46a8e10f2c5c55230aa285f8ffb
- SHA1: 24a003c5163b3b07440325b728a5642c90f021f7
- SHA256: 8dbdebfc68fc2b217a7d5baab5134b6862dc51bcc140a71b7752512d23c201dc
- SHA512: 579345e9fc7b9c7023d6bee8d098938d99c5cf45e6ae27d3021976c765a62aad8415f4d62e957b0793cd66bf7b950f975c936b849766e31b889e6f7b2f4c9561
- SSDEEP: 384:bhCcV4xbPHAcXvPn38c4+fPhFBtJV3Z8UGOUT5VRmnaysM4VGiFYOMOoJNrJJrsi:bhCcGxDgcXvP38L+H/BtJxZ8UaRmnayW
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1300 wrote to memory of 824 | 1300 | rundll32.exe | 27
  PID 1300 wrote to memory of 824 | 1300 | rundll32.exe | 27
  PID 1300 wrote to memory of 824 | 1300 | rundll32.exe | 27
  PID 1300 wrote to memory of 824 | 1300 | rundll32.exe | 27
  PID 1300 wrote to memory of 824 | 1300 | rundll32.exe | 27
  PID 1300 wrote to memory of 824 | 1300 | rundll32.exe | 27
  PID 1300 wrote to memory of 824 | 1300 | rundll32.exe | 27
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dbdebfc68fc2b217a7d5baab5134b6862dc51bcc140a71b7752512d23c201dc.dll,#1
   PID: 1300
   - Suspicious use of WriteProcessMemory
2. C:\Windows\SysWOW64\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dbdebfc68fc2b217a7d5baab5134b6862dc51bcc140a71b7752512d23c201dc.dll,#1
   PID: 824