Analysis
- max time kernel: 90s
- max time network: 35s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 02/12/2022, 01:53 UTC
Static task
- static1
Behavioral task
- behavioral1
  Sample: d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a.dll
  Resource: win7-20221111-en
Behavioral task
- behavioral2
  Sample: d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a.dll
  Resource: win10v2004-20220812-en
General
- Target: d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a.dll
- Size: 4KB
- MD5: d89fbb4557a2a444ddcdee2fb07d8820
- SHA1: f2bde77fd818bc7a4aedb29a51586cf43cabe2bd
- SHA256: d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a
- SHA512: a199da730f72bde0317f258eef52c87429b62fdfa6e57bc69488b6267dbad2e2840bb87b706af7ab86734a5ed2e75ac31798bd960d6b52b1143fe19fb3e5e958
- SSDEEP: 48:a5zdM1cSTBg0r27vTuAEK9Vc9UwsFgdemcIaI6+PEoyXgUj7dPeJjhK:PT3r2vu9s6GwZMDIzE9XteJjA
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                      pid   Process        procid_target
  PID 916 wrote to memory of 992   916   rundll32.exe   28
  PID 916 wrote to memory of 992   916   rundll32.exe   28
  PID 916 wrote to memory of 992   916   rundll32.exe   28
  PID 916 wrote to memory of 992   916   rundll32.exe   28
  PID 916 wrote to memory of 992   916   rundll32.exe   28
  PID 916 wrote to memory of 992   916   rundll32.exe   28
  PID 916 wrote to memory of 992   916   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a.dll,#1
  PID: 916
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6fb5eeef2bbf9def1ed617a6054a025a2d5d035d1f096f655012dc57246629a.dll,#1
    PID: 992