Analysis
- max time kernel: 35s
- max time network: 48s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 03/12/2022, 21:52
Static task
static1
Behavioral task
behavioral1
Sample
985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll
Resource
win10v2004-20220812-en
General
- Target: 985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll
- Size: 6KB
- MD5: bec62af7bb0931311b6d9d86c5900db0
- SHA1: f7b26fe3db6d30bd7520a47fb9f8ae913189714b
- SHA256: 985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732
- SHA512: f0ecd1ff533e00bdf986dff1ae9bc42987189f898f16f03376ba6c3cfe895562b0ab739155ff50acf4bf658ac3dff352b22443d6679e4ce6c0b0a40179ede66c
- SSDEEP: 96:nEY2RrF1eqwi4dyR3gCZ92XhhCF15C+pJkxEyvMt:EHRh1eppcRwCqeL5C8kmyvMt
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

description | pid | Process | procid_target
PID 1916 wrote to memory of 976 | 1916 | rundll32.exe | 27
PID 1916 wrote to memory of 976 | 1916 | rundll32.exe | 27
PID 1916 wrote to memory of 976 | 1916 | rundll32.exe | 27
PID 1916 wrote to memory of 976 | 1916 | rundll32.exe | 27
PID 1916 wrote to memory of 976 | 1916 | rundll32.exe | 27
PID 1916 wrote to memory of 976 | 1916 | rundll32.exe | 27
PID 1916 wrote to memory of 976 | 1916 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll,#1
  PID: 1916
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\985b4e1e1a7c0c330d9b5e00ab99669b5338ccc0be57be999fa00e6fa7ea2732.dll,#1
    PID: 976