Analysis
max time kernel: 41s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 29/11/2022, 07:17
Static task: static1
Behavioral task: behavioral1
Sample: 7b3ce3829b63f84e17bbed2c1d0d39b314439d61eb8391a336ecd44cfa59d4c0.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: 7b3ce3829b63f84e17bbed2c1d0d39b314439d61eb8391a336ecd44cfa59d4c0.dll
Resource: win10v2004-20220812-en
General
Target: 7b3ce3829b63f84e17bbed2c1d0d39b314439d61eb8391a336ecd44cfa59d4c0.dll
Size: 4KB
MD5: 6273c6121c4c1611595a22b8eaee1d50
SHA1: 9d1ceddb372a348930db2345e6e10ee1d0b25510
SHA256: 7b3ce3829b63f84e17bbed2c1d0d39b314439d61eb8391a336ecd44cfa59d4c0
SHA512: dbecab3af76d92c6f25a8890a0264e704eb16885f783472adc8d9e1530fa7755494820bc657038b8f7331a77fd2c387664c6f1cefec2e811845227290b063bd8
SSDEEP: 48:iMHGv8j2IcW89NYEArhWHR0MiiIsiI6lXVkqlcH2SuiS6o+mm9g9o:PmkiIz8UZrQ0MhI/ITqly9g9o
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 1812 wrote to memory of 836    1812   rundll32.exe   28
PID 1812 wrote to memory of 836    1812   rundll32.exe   28
PID 1812 wrote to memory of 836    1812   rundll32.exe   28
PID 1812 wrote to memory of 836    1812   rundll32.exe   28
PID 1812 wrote to memory of 836    1812   rundll32.exe   28
PID 1812 wrote to memory of 836    1812   rundll32.exe   28
PID 1812 wrote to memory of 836    1812   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b3ce3829b63f84e17bbed2c1d0d39b314439d61eb8391a336ecd44cfa59d4c0.dll,#11
PID: 1812
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b3ce3829b63f84e17bbed2c1d0d39b314439d61eb8391a336ecd44cfa59d4c0.dll,#12
PID: 836