Analysis
  max time kernel:  44s
  max time network: 49s
  platform:         windows7_x64
  resource:         win7-20220901-en
  resource tags:    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  submitted:        01/12/2022, 15:33
Behavioral task: behavioral1
  Sample:   185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll
  Resource: win7-20220901-en

Behavioral task: behavioral2
  Sample:   185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll
  Resource: win10v2004-20221111-en
General
  Target: 185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll
  Size:   26KB
  MD5:    6387a78b7714abd5e1b5f55cf4da2f40
  SHA1:   2783163d35684dd37cea3b47a31038612f0427b4
  SHA256: 185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c
  SHA512: b4e8136023c7fcf628c58cb514597d8ca510084296bb5cc3450cd3a3a853a4114ab556e0bee57a0e75cf71d858d3fec83edc219c9cee49c006f9fed927d50c98
  SSDEEP: 768:tn9opvGMutW+7Qta+dK+5DUod7COE9tzf/7:tngeW+ctaSK+5wtOkb7
Malware Config

Signatures

  YARA matches
    resource                                                                        yara_rule
    behavioral1/memory/1928-57-0x0000000074EA0000-0x0000000074EB5000-memory.dmp     upx

  Suspicious use of WriteProcessMemory (7 IoCs)
    description                          pid    Process        procid_target
    PID 1048 wrote to memory of 1928     1048   rundll32.exe   27
    (this entry is listed 7 times in the report)
Processes
  C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll,#1
    PID: 1048
    Signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (child of PID 1048)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\185e8933bcf6ed7dd7932e48c98a433096723f78184b97c2dbe0a8a7d086a45c.dll,#1
      PID: 1928