Analysis
max time kernel: 42s
max time network: 46s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 01/12/2022, 16:47
Static task
static1
Behavioral task
behavioral1
Sample: ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll
Resource: win7-20220901-en
Behavioral task
behavioral2
Sample: ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll
Resource: win10v2004-20221111-en
General
Target: ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll
Size: 10KB
MD5: 222f69a1671cd21f7e55e6255c2aa605
SHA1: bd9b89e496ff05f7dd1fb9cf8cf25c78642ae0a8
SHA256: ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a
SHA512: dda2624c50e305b0077c9fe0033c73a64e73cabb0b22e32c8c12e0d0ae7ccb9278ff3718391861665eb6c9f62020f6d2978a8b1fc2f0b18c3f579c7e7106ed07
SSDEEP: 192:EaGsVRdStUIhx8EqU4VRLwagAcUrgL0oKbAyFP2JzLNbxbvtpmzhwX:EaDVyUo2EqU+0looaAyF4Rbxjtp9X
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (23 IoCs)
description                             pid   Process
Token: SeIncreaseQuotaPrivilege         1204  rundll32.exe
Token: SeSecurityPrivilege              1204  rundll32.exe
Token: SeTakeOwnershipPrivilege         1204  rundll32.exe
Token: SeLoadDriverPrivilege            1204  rundll32.exe
Token: SeSystemProfilePrivilege         1204  rundll32.exe
Token: SeSystemtimePrivilege            1204  rundll32.exe
Token: SeProfSingleProcessPrivilege     1204  rundll32.exe
Token: SeIncBasePriorityPrivilege       1204  rundll32.exe
Token: SeCreatePagefilePrivilege        1204  rundll32.exe
Token: SeBackupPrivilege                1204  rundll32.exe
Token: SeRestorePrivilege               1204  rundll32.exe
Token: SeShutdownPrivilege              1204  rundll32.exe
Token: SeDebugPrivilege                 1204  rundll32.exe
Token: SeSystemEnvironmentPrivilege     1204  rundll32.exe
Token: SeChangeNotifyPrivilege          1204  rundll32.exe
Token: SeRemoteShutdownPrivilege        1204  rundll32.exe
Token: SeUndockPrivilege                1204  rundll32.exe
Token: SeManageVolumePrivilege          1204  rundll32.exe
Token: SeImpersonatePrivilege           1204  rundll32.exe
Token: SeCreateGlobalPrivilege          1204  rundll32.exe
Token: 33                               1204  rundll32.exe
Token: 34                               1204  rundll32.exe
Token: 35                               1204  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description                             pid   Process       procid_target
PID 832 wrote to memory of 1204         832   rundll32.exe  28
PID 832 wrote to memory of 1204         832   rundll32.exe  28
PID 832 wrote to memory of 1204         832   rundll32.exe  28
PID 832 wrote to memory of 1204         832   rundll32.exe  28
PID 832 wrote to memory of 1204         832   rundll32.exe  28
PID 832 wrote to memory of 1204         832   rundll32.exe  28
PID 832 wrote to memory of 1204         832   rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll,#1
  PID: 832
  Signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (child of PID 832)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll,#1
      PID: 1204
      Signatures: Suspicious use of AdjustPrivilegeToken