Analysis
max time kernel: 40s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29/11/2022, 05:09
Static task: static1
Behavioral task: behavioral1
  Sample: 94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll
  Resource: win10v2004-20220901-en
General
Target: 94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll
Size: 57KB
MD5: f2a3a92d193bf808605c5fefa6d4d8ca
SHA1: bd6f58345f8b3a3593aa6b8717b23e0af8cc6243
SHA256: 94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803
SHA512: f02b788aec5227f6f985ff4a5e4e0958d3c7c95a286a393fda31006ef79f91e6a6a20dc95e92237bab40a03153b1d0d445fe70c2f5abe3a603ead14971b14a24
SSDEEP: 1536:BiNIKDP4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:BjqP4YU6ErtGNEKIpCT
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                          pid   Process       procid_target
PID 1248 wrote to memory of 1120     1248  rundll32.exe  26
PID 1248 wrote to memory of 1120     1248  rundll32.exe  26
PID 1248 wrote to memory of 1120     1248  rundll32.exe  26
PID 1248 wrote to memory of 1120     1248  rundll32.exe  26
PID 1248 wrote to memory of 1120     1248  rundll32.exe  26
PID 1248 wrote to memory of 1120     1248  rundll32.exe  26
PID 1248 wrote to memory of 1120     1248  rundll32.exe  26
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll,#1
  PID: 1248
  Signatures: Suspicious use of WriteProcessMemory
  Child process:
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\94733d0e1f86068aba3cee42d8d05812df125e07b8f9f24277949fd0d374b803.dll,#1
    PID: 1120