Analysis
  max time kernel:  16s
  max time network: 30s
  platform:         windows7_x64
  resource:         win7-20221111-en
  resource tags:    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  submitted:        01/12/2022, 08:07
Behavioral tasks
  behavioral1
    Sample:   89759ad40ede2c47d644896ca0479666c6447f76e93cdbaba4aa39800d43e124.dll
    Resource: win7-20221111-en
  behavioral2
    Sample:   89759ad40ede2c47d644896ca0479666c6447f76e93cdbaba4aa39800d43e124.dll
    Resource: win10v2004-20221111-en
General
  Target: 89759ad40ede2c47d644896ca0479666c6447f76e93cdbaba4aa39800d43e124.dll
  Size:   598KB
  MD5:    e545cfb06c78d5586009d3be2ac04857
  SHA1:   9ccefd030612cac7e865f5258269a1150ce261bc
  SHA256: 89759ad40ede2c47d644896ca0479666c6447f76e93cdbaba4aa39800d43e124
  SHA512: 85c1263cf284730aebe4cefa9799ad4a8f1cd3175363dbbe98b22f6ae5c75394dfec036a6fc9c86a75df513365caa44b8c73870b3be97219ff33d5272a04314f
  SSDEEP: 12288:ikdJs0G0phXAlZ4ZhShdF2SUFiLXNQ4I0kiZK1C0EQ2jeG1u:ZdJ8Bl2S7F4iLXNQ4Nki70j2j1u
Malware Config
  (none extracted)

Signatures
  Suspicious behavior: RenamesItself (1 IoC)
    pid   Process
    1892  rundll32.exe

  Suspicious use of WriteProcessMemory (7 IoCs)
    description                     pid   Process       procid_target
    PID 2028 wrote to memory of 1892  2028  rundll32.exe  28
    PID 2028 wrote to memory of 1892  2028  rundll32.exe  28
    PID 2028 wrote to memory of 1892  2028  rundll32.exe  28
    PID 2028 wrote to memory of 1892  2028  rundll32.exe  28
    PID 2028 wrote to memory of 1892  2028  rundll32.exe  28
    PID 2028 wrote to memory of 1892  2028  rundll32.exe  28
    PID 2028 wrote to memory of 1892  2028  rundll32.exe  28
Processes
  1. C:\Windows\system32\rundll32.exe
     Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\89759ad40ede2c47d644896ca0479666c6447f76e93cdbaba4aa39800d43e124.dll,#1
     PID: 2028
     Signatures: Suspicious use of WriteProcessMemory

     2. C:\Windows\SysWOW64\rundll32.exe (child of PID 2028)
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\89759ad40ede2c47d644896ca0479666c6447f76e93cdbaba4aa39800d43e124.dll,#1
        PID: 1892
        Signatures: Suspicious behavior: RenamesItself