Analysis
max time kernel: 25s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 02/12/2022, 19:09
Behavioral task: behavioral1
Sample: 0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551.dll
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551.dll
Resource: win10v2004-20220812-en
General
Target: 0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551.dll
Size: 42KB
MD5: 16725fa12a74b32c238c23aa6fe9cc60
SHA1: 95c2d2db70394c8f4822246d3fccb86dfe1b9760
SHA256: 0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551
SHA512: eda21d24ef26fa3279ccc4a2d9c558defd885d104b18043573690d3a4ed9af8f4b60f258423bbdc10986f4b2c9c82b46422e2c42e9196da3163b1d8ad033f084
SSDEEP: 768:0pUDhOS0BwePY4/rKEI2d3n/JByd8uRfmXXbSGBDmlf4Sosos9Oxixwgsc62hx:0WUHBppRnd3nM8uB+bVByt4Vsos9OcxT
Malware Config
Signatures
resource: behavioral1/memory/1120-56-0x0000000010000000-0x0000000010040000-memory.dmp
yara_rule: upx
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 884 wrote to memory of 1120 | 884 | rundll32.exe | 27
PID 884 wrote to memory of 1120 | 884 | rundll32.exe | 27
PID 884 wrote to memory of 1120 | 884 | rundll32.exe | 27
PID 884 wrote to memory of 1120 | 884 | rundll32.exe | 27
PID 884 wrote to memory of 1120 | 884 | rundll32.exe | 27
PID 884 wrote to memory of 1120 | 884 | rundll32.exe | 27
PID 884 wrote to memory of 1120 | 884 | rundll32.exe | 27
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551.dll,#1
   PID: 884
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\0509fbbde3f0cd5c3bbb421280b58cab7a8088b1f18571ada52860caefdca551.dll,#1
      PID: 1120