Analysis
- max time kernel: 3s
- max time network: 35s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 29/11/2022, 07:58
Static task: static1
Behavioral task: behavioral1
- Sample: 709f382bc50e6656d8012cef7cf5521157875fb25e0b40ea31c13f3794932f71.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 709f382bc50e6656d8012cef7cf5521157875fb25e0b40ea31c13f3794932f71.dll
- Resource: win10v2004-20221111-en
General
- Target: 709f382bc50e6656d8012cef7cf5521157875fb25e0b40ea31c13f3794932f71.dll
- Size: 32KB
- MD5: fc01b7ea2beb9ccb71d743292577c3de
- SHA1: 6cd4c7cbb6939669bfc8c98173b0a778c3a2ab9e
- SHA256: 709f382bc50e6656d8012cef7cf5521157875fb25e0b40ea31c13f3794932f71
- SHA512: 21f76da20b4dde26ed40d270cf482663f839d14c41643a6df7919be71e540e5a7dbec0f882267bb104c5fdab8afe62c919f89710955e7d931bd7c3375decf4ae
- SSDEEP: 384:pWRxD56W1rRy2408lh/jkcIRagzN5wj7D77iYfiIuIzawYJFJLCRCkI8a:+1QWtHd8PZIaaN5kD75KINzhqDmRCkIT
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process        procid_target
  PID 956 wrote to memory of 1560    956   rundll32.exe   28
  PID 956 wrote to memory of 1560    956   rundll32.exe   28
  PID 956 wrote to memory of 1560    956   rundll32.exe   28
  PID 956 wrote to memory of 1560    956   rundll32.exe   28
  PID 956 wrote to memory of 1560    956   rundll32.exe   28
  PID 956 wrote to memory of 1560    956   rundll32.exe   28
  PID 956 wrote to memory of 1560    956   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\709f382bc50e6656d8012cef7cf5521157875fb25e0b40ea31c13f3794932f71.dll,#1
  PID: 956
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\709f382bc50e6656d8012cef7cf5521157875fb25e0b40ea31c13f3794932f71.dll,#1
    PID: 1560