Analysis
max time kernel: 47s
max time network: 51s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 02/12/2022, 01:40
Static task: static1
Behavioral task: behavioral1
Sample: 1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a.dll
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a.dll
Resource: win10v2004-20220901-en
General
Target: 1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a.dll
Size: 6KB
MD5: c30c325fa9c5088e6d28f5985fb68b20
SHA1: eac770442b3b97c577b0ab6f3f43c2735a6cf394
SHA256: 1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a
SHA512: 120e05eb3e2b952bc5192df519c789cd2cdca58ee544b8fb0d86356ab90c15ebba1bbe4a6ccfc2c1ead223df12b4be2a1abbffac149aa484261d370f7893b4d9
SSDEEP: 192:EHRh1eppBh8QyYsvzi38GzP2U8EbNmKFZmsAasLux:EHROXhz9svu38Gz2U8EbNmKFZmsAasLY
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 1768 wrote to memory of 1112   1768   rundll32.exe   27
PID 1768 wrote to memory of 1112   1768   rundll32.exe   27
PID 1768 wrote to memory of 1112   1768   rundll32.exe   27
PID 1768 wrote to memory of 1112   1768   rundll32.exe   27
PID 1768 wrote to memory of 1112   1768   rundll32.exe   27
PID 1768 wrote to memory of 1112   1768   rundll32.exe   27
PID 1768 wrote to memory of 1112   1768   rundll32.exe   27
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a.dll,#1
  PID: 1768
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1957e24dbef13fd4b274003f2c93d7985fb73530dce34528ea2318675d8a7b6a.dll,#1
    PID: 1112