Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
22s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
01/12/2022, 02:11 UTC
Behavioral task
behavioral1
Sample
85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4.dll
Resource
win10v2004-20221111-en
General
-
Target
85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4.dll
-
Size
58KB
-
MD5
78425bef258e703135799d3347970c0b
-
SHA1
6719ef432ca63c05e07abdc46703c3350fee86ab
-
SHA256
85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4
-
SHA512
5956271581769a9b5230211895b92dc1df234692622caebb31e1df80a344ff1867483c15c8b489b4b1d0c59e3115ebff76ca438b086b408d7c84a10f25a49186
-
SSDEEP
1536:V2bl7KanN5YHUQOo/ff12E8/rarc625x/Hd5nfQkBr:Wl7VgHUQOo/noE8zuVeTPBr
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/960-56-0x0000000010000000-0x000000001000A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 564 wrote to memory of 960 564 rundll32.exe 28 PID 564 wrote to memory of 960 564 rundll32.exe 28 PID 564 wrote to memory of 960 564 rundll32.exe 28 PID 564 wrote to memory of 960 564 rundll32.exe 28 PID 564 wrote to memory of 960 564 rundll32.exe 28 PID 564 wrote to memory of 960 564 rundll32.exe 28 PID 564 wrote to memory of 960 564 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:564 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\85c3daa83add4f2d6075a80270a65653ab7d129581b143ecfcacabd7ad8fe0b4.dll,#12⤵PID:960
-