Analysis
- max time kernel: 58s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 29/11/2022, 10:42
Static task: static1
Behavioral task: behavioral1
- Sample: f152ec1d856bd416b1f3558d2297b389a8fb5889cd2d92ebedb5b869e7590fe4.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: f152ec1d856bd416b1f3558d2297b389a8fb5889cd2d92ebedb5b869e7590fe4.dll
- Resource: win10v2004-20220812-en
General
- Target: f152ec1d856bd416b1f3558d2297b389a8fb5889cd2d92ebedb5b869e7590fe4.dll
- Size: 76KB
- MD5: 394ef7f9079d770c51b3e9626f87e0fa
- SHA1: 07caff5c14fe54869d99afb9c79c0feefd837936
- SHA256: f152ec1d856bd416b1f3558d2297b389a8fb5889cd2d92ebedb5b869e7590fe4
- SHA512: b85a4621b55fca9fbf0945589b4b4a09bc5a7f1cc090f248e4208f96b154058d3624119bfd7d2a0d110d5fca8bbdc28506cf43208ddd2d51fbbc4d91b7135152
- SSDEEP: 1536:3FLcjFiSHsXLkiK9keuiVJELZ5juWg37wqqmMQFpDWGsDhIS/Y:2jBIQAVijE9lsqmM8ha9/Y
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                        pid    Process        procid_target
  PID 1524 wrote to memory of 556    1524   rundll32.exe   28
  PID 1524 wrote to memory of 556    1524   rundll32.exe   28
  PID 1524 wrote to memory of 556    1524   rundll32.exe   28
  PID 1524 wrote to memory of 556    1524   rundll32.exe   28
  PID 1524 wrote to memory of 556    1524   rundll32.exe   28
  PID 1524 wrote to memory of 556    1524   rundll32.exe   28
  PID 1524 wrote to memory of 556    1524   rundll32.exe   28
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\f152ec1d856bd416b1f3558d2297b389a8fb5889cd2d92ebedb5b869e7590fe4.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 1524
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\f152ec1d856bd416b1f3558d2297b389a8fb5889cd2d92ebedb5b869e7590fe4.dll,#1
   PID: 556