Analysis
- max time kernel: 44s
- max time network: 49s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 01/12/2022, 23:58
Static task: static1
Behavioral task: behavioral1
- Sample: 479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll
- Resource: win10v2004-20220812-en
General
- Target: 479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll
- Size: 26KB
- MD5: e71d881e12b6f40e4f2785e9fe944650
- SHA1: 54dab85dc5490d21f83017ee6b48e64691556c3c
- SHA256: 479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad
- SHA512: 21bfc03d15b03d7ba3076131d82ff3e33f0e43aa40585cad751ac314805d0b72f8f05aa56b0f60b2a40d20b1fbaccc365d3e2ec99e4632d4a7c5e31887f88272
- SSDEEP: 384:V5m008E9N4NJI9LmFKZxGvAEio77bicN8oN3vZa7xh2RaRLwg7Pd:2008NI9LpZxG8o7KcuoBQ7PfRMg7Pd
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1528 wrote to memory of 904 | 1528 | rundll32.exe | 27
  PID 1528 wrote to memory of 904 | 1528 | rundll32.exe | 27
  PID 1528 wrote to memory of 904 | 1528 | rundll32.exe | 27
  PID 1528 wrote to memory of 904 | 1528 | rundll32.exe | 27
  PID 1528 wrote to memory of 904 | 1528 | rundll32.exe | 27
  PID 1528 wrote to memory of 904 | 1528 | rundll32.exe | 27
  PID 1528 wrote to memory of 904 | 1528 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll,#1
  PID: 1528
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll,#1
    PID: 904