Analysis
max time kernel: 33s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 06/11/2022, 03:54
Behavioral task: behavioral1
Sample: d2160fa293a708a45b05a39d11577cc2f703d6d4e7f08be1a79308b935641a0a.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: d2160fa293a708a45b05a39d11577cc2f703d6d4e7f08be1a79308b935641a0a.dll
Resource: win10v2004-20220812-en
General
Target: d2160fa293a708a45b05a39d11577cc2f703d6d4e7f08be1a79308b935641a0a.dll
Size: 78KB
MD5: 09eb6ecacd1a3b6ff7dedbf4c4f3f20e
SHA1: 5f917ca44ac3214607e814b081cf18bade431184
SHA256: d2160fa293a708a45b05a39d11577cc2f703d6d4e7f08be1a79308b935641a0a
SHA512: 9b043a36d69b324e0a971739dca4ed92dd5b5d8cd48dd6eaf49c28fef858efe3d674a40f57d805ccc628f73cb4281686d24b83d9d181134e1ae9e4834f8ff5ac
SSDEEP: 1536:Mq/JmJSPWLdYgwXfbqQaIJfJZHpfGoUADyNSeA2M+h0NDO/xv+/zSUyo:z/JmJSPjgwXfblz9BUey04M+hXh+rz
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1920 wrote to memory of 1012 | 1920 | rundll32.exe | 28
PID 1920 wrote to memory of 1012 | 1920 | rundll32.exe | 28
PID 1920 wrote to memory of 1012 | 1920 | rundll32.exe | 28
PID 1920 wrote to memory of 1012 | 1920 | rundll32.exe | 28
PID 1920 wrote to memory of 1012 | 1920 | rundll32.exe | 28
PID 1920 wrote to memory of 1012 | 1920 | rundll32.exe | 28
PID 1920 wrote to memory of 1012 | 1920 | rundll32.exe | 28
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2160fa293a708a45b05a39d11577cc2f703d6d4e7f08be1a79308b935641a0a.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 1920
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\d2160fa293a708a45b05a39d11577cc2f703d6d4e7f08be1a79308b935641a0a.dll,#1
   PID: 1012