Analysis
- max time kernel: 41s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 06/11/2022, 15:53
Static task: static1
Behavioral task: behavioral1
- Sample: d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll
- Resource: win10v2004-20220901-en
General
- Target: d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll
- Size: 4KB
- MD5: 0dc76f6a7651560a060de7f68144ae96
- SHA1: 4600b131cfade592657e52a1d4892dbc2b472610
- SHA256: d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366
- SHA512: 1ab907fb223c3402b41585a518de9b32327ff29ce79617a9f06187aff5b1ffa7ab26e99b613e2217a3d78c9c3995e447ff87d2ddd707a48faca6268f92e26db0
- SSDEEP: 24:e1GSYL3CeLA9/kPVCRVtc44MnXz+iM2u8kypgyXwVQwA3HdQz5NFbBCNNmQ1Aynb:SKLA9oyTnXz+ihZjufCXTFjoJtCTn
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid    process        procid_target
  PID 1528 wrote to memory of 1704   1528   rundll32.exe   26
  PID 1528 wrote to memory of 1704   1528   rundll32.exe   26
  PID 1528 wrote to memory of 1704   1528   rundll32.exe   26
  PID 1528 wrote to memory of 1704   1528   rundll32.exe   26
  PID 1528 wrote to memory of 1704   1528   rundll32.exe   26
  PID 1528 wrote to memory of 1704   1528   rundll32.exe   26
  PID 1528 wrote to memory of 1704   1528   rundll32.exe   26
Processes
- C:\Windows\system32\rundll32.exe (PID: 1528)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll,#1
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 1704)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3bc60a6849bc034f1cda3eb495e8792e8d48ccbd9efa92173521342ed67a366.dll,#1