Analysis
- max time kernel: 4s
- max time network: 29s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 02/12/2022, 19:15
Behavioral task: behavioral1
- Sample: 55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: 55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125.dll
- Resource: win10v2004-20220812-en
General
- Target: 55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125.dll
- Size: 63KB
- MD5: 100af252bf2e7f6805690030f1ce82db
- SHA1: 8a4c6278f90624e26e1c010be18d39c0f2cd2caf
- SHA256: 55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125
- SHA512: d52eecbde89e39f664a3352a1d4c01e3d92ed97054f78572739726d8b720672be5abc456450254be7429cd90549e0b3c2cec182b2c88668138630bef7cbf678c
- SSDEEP: 1536:n7ZLNPp9pZBMRQIsYAtTB2AOgQkjNA5+FkLgHo0vY:7ZppI7RAT2A4mNAgKgI0g
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1224 wrote to memory of 1272 | 1224 | rundll32.exe | 28
  PID 1224 wrote to memory of 1272 | 1224 | rundll32.exe | 28
  PID 1224 wrote to memory of 1272 | 1224 | rundll32.exe | 28
  PID 1224 wrote to memory of 1272 | 1224 | rundll32.exe | 28
  PID 1224 wrote to memory of 1272 | 1224 | rundll32.exe | 28
  PID 1224 wrote to memory of 1272 | 1224 | rundll32.exe | 28
  PID 1224 wrote to memory of 1272 | 1224 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1224
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\55be58f83f072cde99e780cf28f64df50429f7ada220d60d94f5f5a97e5ef125.dll,#1
    PID: 1272