Analysis
max time kernel: 236s
max time network: 334s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 01/12/2022, 16:39
Static task: static1
Behavioral task: behavioral1
Sample: e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll
Resource: win7-20221111-en
Behavioral task: behavioral2
Sample: e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll
Resource: win10v2004-20221111-en
General
Target: e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll
Size: 78KB
MD5: 582b05e58b5005c24830ef67a4549af6
SHA1: 16bd2fc080c72ac3b1d91ecbc909a46c7cc6aa88
SHA256: e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4
SHA512: 91828af17e52e1f40f5653438284c4b3035e1b28df9865909966c35171506bb0ef0a1bdac34b0978031b8f1190626e65909ec105108d008dd0c8a2b5e546e928
SSDEEP: 1536:BMMObIsZaUQxJUHmoW7qhWnGMn3jO1cdooaAoodtmTFwuQi16mlQ:iNERpxJUiWY40aBMtmZBm
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 788 wrote to memory of 1744 | 788 | rundll32.exe | 27
PID 788 wrote to memory of 1744 | 788 | rundll32.exe | 27
PID 788 wrote to memory of 1744 | 788 | rundll32.exe | 27
PID 788 wrote to memory of 1744 | 788 | rundll32.exe | 27
PID 788 wrote to memory of 1744 | 788 | rundll32.exe | 27
PID 788 wrote to memory of 1744 | 788 | rundll32.exe | 27
PID 788 wrote to memory of 1744 | 788 | rundll32.exe | 27
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll,#1
  PID: 788
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2f083772afdf6ac1bd16b89e4c2115047b6a3c8fee66c8541a72efecb0b39e4.dll,#1
    PID: 1744