Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 29/11/2022, 10:07
Behavioral task: behavioral1
Sample: 2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll
Resource: win10v2004-20221111-en
General
Target: 2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll
Size: 11KB
MD5: 3d3eeea7cc8eac792222c36b8e6a7dc0
SHA1: 906e37b0cbc90bd93d7619118d7f8476723937c2
SHA256: 2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08
SHA512: fe63e9119bbd36cc202c946eeba13ddaa1db3c3d9a5579b4f63df2f20909c8c83324ff45c94798d6a8510550f380c4dc8a7f567d61b8f7e0f8d11e753818b839
SSDEEP: 192:3SC8I6CLdScS9dRVZdr3mDakQnTg9XwwTPnzX1a7khswrMRHsfhRgWScWw:3pLVLdScS1VD3k/QnTyXZLnT1Xhd3fDG
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 1096 wrote to memory of 1808   1096  rundll32.exe  28
PID 1096 wrote to memory of 1808   1096  rundll32.exe  28
PID 1096 wrote to memory of 1808   1096  rundll32.exe  28
PID 1096 wrote to memory of 1808   1096  rundll32.exe  28
PID 1096 wrote to memory of 1808   1096  rundll32.exe  28
PID 1096 wrote to memory of 1808   1096  rundll32.exe  28
PID 1096 wrote to memory of 1808   1096  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1096
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c0b1543a9a1ac9e1d79f0a4a240cf0562dc8617a20a493c50cf778587b66c08.dll,#1
    PID: 1808