Analysis
max time kernel: 42s
max time network: 48s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03/12/2022, 21:50
Static task: static1

Behavioral task: behavioral1
Sample: a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779.dll
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779.dll
Resource: win10v2004-20220812-en
General
Target: a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779.dll
Size: 6KB
MD5: f7752012f56833ee613c55b65e68bc00
SHA1: 84ffe73610559e79e06bb800f82f90f3f47d8b92
SHA256: a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779
SHA512: 90edaf09a4d645bb6588e822c202a5eb5f4b54390168402d01b7393d51d19948041aa00ea3119f22fa938143ffacc04f5d69b1c97d0141992cb1b1403a00a7c9
SSDEEP: 96:nEY2RrF1eqwi4nVi6/8At3monSYRPb+1DSk/Lp9W+hC0dN73GCThTXtlcyPQ:EHRh1eppbDrnD0HlcN
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                        pid   Process       procid_target
PID 1404 wrote to memory of 1400   1404  rundll32.exe  26
PID 1404 wrote to memory of 1400   1404  rundll32.exe  26
PID 1404 wrote to memory of 1400   1404  rundll32.exe  26
PID 1404 wrote to memory of 1400   1404  rundll32.exe  26
PID 1404 wrote to memory of 1400   1404  rundll32.exe  26
PID 1404 wrote to memory of 1400   1404  rundll32.exe  26
PID 1404 wrote to memory of 1400   1404  rundll32.exe  26
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6d81077ad4e5da2f696f11c5f1d42d30dcb91445a0603f991372f96d167b779.dll,#12⤵
  PID:1400