Analysis
max time kernel
24s
max time network
29s
platform
windows7_x64
resource
win7-20221111-en
resource tags
arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted
02/12/2022, 19:26
Behavioral task
behavioral1
Sample
90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361.dll
Resource
win10v2004-20220812-en
General
Target
90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361.dll
Size
66KB
MD5
be14c73288d51570a963237d0ec84906
SHA1
2788f02126aadf4249abb4e221510aceeb1e8678
SHA256
90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361
SHA512
d1023a1991247488a4598e5f32a29c103c67d8e83e8a3cd6defcd7688bb168117ede02cae8ab4b441711e19376b623e519f40a30ed5aeac65d2f56d421313953
SSDEEP
1536:Iykzkagyg+xVv/0qzBUn1+E61/SZaJYzGCE1NOBhUSejmW0:IFzkaTxtFU1+/1/SZaJYzGJfKUn0
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1772 wrote to memory of 1224 | 1772 | rundll32.exe | 28
PID 1772 wrote to memory of 1224 | 1772 | rundll32.exe | 28
PID 1772 wrote to memory of 1224 | 1772 | rundll32.exe | 28
PID 1772 wrote to memory of 1224 | 1772 | rundll32.exe | 28
PID 1772 wrote to memory of 1224 | 1772 | rundll32.exe | 28
PID 1772 wrote to memory of 1224 | 1772 | rundll32.exe | 28
PID 1772 wrote to memory of 1224 | 1772 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361.dll,#11
- Suspicious use of WriteProcessMemory
PID:1772
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90bf3ea4bcd50b12f33bc2331ab6ebe2da728d8c09f8ced82d6bb4ae36b29361.dll,#12
PID:1224