Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 06/11/2022, 21:12
Static task: static1
Behavioral task: behavioral1
- Sample: 5ad9c438169341b07a51dc357d1a4f24d89bb497b919aa1cbf1f96d26955dac9.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 5ad9c438169341b07a51dc357d1a4f24d89bb497b919aa1cbf1f96d26955dac9.dll
- Resource: win10v2004-20220812-en
General
- Target: 5ad9c438169341b07a51dc357d1a4f24d89bb497b919aa1cbf1f96d26955dac9.dll
- Size: 332KB
- MD5: 0923f3e4383cad6b074a7e8ddf87d460
- SHA1: b0877063742fe82f684bf4908abb2760d07704be
- SHA256: 5ad9c438169341b07a51dc357d1a4f24d89bb497b919aa1cbf1f96d26955dac9
- SHA512: 8eec5798a87378f756b148cc7dab30bb67e8a5be0b48d418be810527a8063109941e29189185a0ead73b9792d122e037c39a36b2dc4309cab6c29600600b3399
- SSDEEP: 6144:9S5kl1kwSxxzKj+kfes+vhZjXEwy7XpE6miAkZLt977BvRwgH+a7hVK:QulSwWxzgwIX26mbkZ77LwgJz
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid    Process        procid_target
  PID 1764 wrote to memory of 1480   1764   rundll32.exe   28
  PID 1764 wrote to memory of 1480   1764   rundll32.exe   28
  PID 1764 wrote to memory of 1480   1764   rundll32.exe   28
  PID 1764 wrote to memory of 1480   1764   rundll32.exe   28
  PID 1764 wrote to memory of 1480   1764   rundll32.exe   28
  PID 1764 wrote to memory of 1480   1764   rundll32.exe   28
  PID 1764 wrote to memory of 1480   1764   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ad9c438169341b07a51dc357d1a4f24d89bb497b919aa1cbf1f96d26955dac9.dll,#1
  PID: 1764
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ad9c438169341b07a51dc357d1a4f24d89bb497b919aa1cbf1f96d26955dac9.dll,#1
    PID: 1480