Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 16:47

General

  • Target

    ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll

  • Size

    10KB

  • MD5

    222f69a1671cd21f7e55e6255c2aa605

  • SHA1

    bd9b89e496ff05f7dd1fb9cf8cf25c78642ae0a8

  • SHA256

    ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a

  • SHA512

    dda2624c50e305b0077c9fe0033c73a64e73cabb0b22e32c8c12e0d0ae7ccb9278ff3718391861665eb6c9f62020f6d2978a8b1fc2f0b18c3f579c7e7106ed07

  • SSDEEP

    192:EaGsVRdStUIhx8EqU4VRLwagAcUrgL0oKbAyFP2JzLNbxbvtpmzhwX:EaDVyUo2EqU+0looaAyF4Rbxjtp9X

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 23 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:832
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll,#1
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1204-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

    Filesize

    8KB

  • memory/1204-56-0x0000000010000000-0x0000000010006000-memory.dmp

    Filesize

    24KB

  • memory/1204-57-0x0000000010000000-0x0000000010006000-memory.dmp

    Filesize

    24KB

  • memory/1204-58-0x0000000010000000-0x0000000010006000-memory.dmp

    Filesize

    24KB