Analysis
- max time kernel: 47s
- max time network: 51s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 06/11/2022, 15:57
Static task: static1
Behavioral task: behavioral1
- Sample: d68804eab02722879320883af13fd2fbaab9e5703e4e1e746a21616bc4c8f771.dll
- Resource: win7-20220901-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: d68804eab02722879320883af13fd2fbaab9e5703e4e1e746a21616bc4c8f771.dll
- Resource: win10v2004-20220812-en
- 1 signatures
- 150 seconds
General
- Target: d68804eab02722879320883af13fd2fbaab9e5703e4e1e746a21616bc4c8f771.dll
- Size: 3KB
- MD5: 00d8751cee93b20711fd6c6eeb155438
- SHA1: 138c5f4cd61c57bea042a24d254aaed49901334d
- SHA256: d68804eab02722879320883af13fd2fbaab9e5703e4e1e746a21616bc4c8f771
- SHA512: 6ed1d7e18ec1aa416e57b3e5654db1e6dbf1de5399889f0b9e9d2e52102543034d95b057b1c741f90b6ea0053957ef09ab5b02f2c24bda272186fee16155220f
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 860 wrote to memory of 1252 | 860 | rundll32.exe | 27 |
| PID 860 wrote to memory of 1252 | 860 | rundll32.exe | 27 |
| PID 860 wrote to memory of 1252 | 860 | rundll32.exe | 27 |
| PID 860 wrote to memory of 1252 | 860 | rundll32.exe | 27 |
| PID 860 wrote to memory of 1252 | 860 | rundll32.exe | 27 |
| PID 860 wrote to memory of 1252 | 860 | rundll32.exe | 27 |
| PID 860 wrote to memory of 1252 | 860 | rundll32.exe | 27 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d68804eab02722879320883af13fd2fbaab9e5703e4e1e746a21616bc4c8f771.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d68804eab02722879320883af13fd2fbaab9e5703e4e1e746a21616bc4c8f771.dll,#12
  PID: 1252