Analysis
max time kernel: 40s
max time network: 33s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 29/11/2022, 05:49
Static task
static1
Behavioral task
behavioral1
Sample
8b4e0eff21ff47f630e4d8e439fefd3dfe6f9dd5dc64ff88be94e5288ec6e141.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
8b4e0eff21ff47f630e4d8e439fefd3dfe6f9dd5dc64ff88be94e5288ec6e141.dll
Resource
win10v2004-20221111-en
General
-
Target
8b4e0eff21ff47f630e4d8e439fefd3dfe6f9dd5dc64ff88be94e5288ec6e141.dll
-
Size
147KB
-
MD5
eae0ce7a159227169aa73c3024d95345
-
SHA1
1d762eaa966597b52bb2af8a15c7b80ca8b51df8
-
SHA256
8b4e0eff21ff47f630e4d8e439fefd3dfe6f9dd5dc64ff88be94e5288ec6e141
-
SHA512
7032eecd4f83422ee07a2113c15b9bc8dc6d5ca25b5691a9681f20212f39a1b089edac56ec8a9c826cbb59c06fc702e8dc2ce90e721f3d11a32ea78f5e08df54
-
SSDEEP
3072:L7R3s4IOxv3KDIVIP6UCdbEwKxWyUtGuPiT+27T/Z0NvMe:L7R3sNOV3iIVybsYwKAyU2Vf/Z0Nvh
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 960 wrote to memory of 952 | 960 | rundll32.exe | 28
PID 960 wrote to memory of 952 | 960 | rundll32.exe | 28
PID 960 wrote to memory of 952 | 960 | rundll32.exe | 28
PID 960 wrote to memory of 952 | 960 | rundll32.exe | 28
PID 960 wrote to memory of 952 | 960 | rundll32.exe | 28
PID 960 wrote to memory of 952 | 960 | rundll32.exe | 28
PID 960 wrote to memory of 952 | 960 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b4e0eff21ff47f630e4d8e439fefd3dfe6f9dd5dc64ff88be94e5288ec6e141.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:960
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8b4e0eff21ff47f630e4d8e439fefd3dfe6f9dd5dc64ff88be94e5288ec6e141.dll,#12⤵PID:952