Analysis
- max time kernel: 47s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 02/12/2022, 20:18
Static task
- static1
Behavioral task
- behavioral1
  Sample: 7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll
  Resource: win7-20221111-en
Behavioral task
- behavioral2
  Sample: 7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll
  Resource: win10v2004-20220812-en
General
- Target: 7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll
- Size: 265KB
- MD5: 1b92dff6e50923989cd4cc571bff36c0
- SHA1: fc522e97f3412aad662adbb176d6a4410980cd2f
- SHA256: 7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14
- SHA512: 9bbd2128c3a28bfe43dadb6e43239177737264442d3ee04e59200f1140257bad28438a14385ab5ca2e3c9c84864be3954ad941898da8e399640687fff2f317d1
- SSDEEP: 3072:pXWocFC1dE4QrTA7OWSgiUCUf9MWVy2dxMvFO4PDlohs:pXWozdJNV5MNHPxoh
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 856 wrote to memory of 672 | 856 | rundll32.exe | 27
  PID 856 wrote to memory of 672 | 856 | rundll32.exe | 27
  PID 856 wrote to memory of 672 | 856 | rundll32.exe | 27
  PID 856 wrote to memory of 672 | 856 | rundll32.exe | 27
  PID 856 wrote to memory of 672 | 856 | rundll32.exe | 27
  PID 856 wrote to memory of 672 | 856 | rundll32.exe | 27
  PID 856 wrote to memory of 672 | 856 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7298a00153b20d6218cd056614b54422862184b80f001fd0aed660bf3360ce14.dll,#12
  PID:672