Analysis
- max time kernel: 42s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 03/12/2022, 23:27
Static task: static1

Behavioral task: behavioral1
- Sample: df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e.dll
- Resource: win7-20220812-en
- 1 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e.dll
- Resource: win10v2004-20221111-en
- 1 signatures
- 150 seconds
General
- Target: df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e.dll
- Size: 3KB
- MD5: 0e792491b37a504d87155551b011a960
- SHA1: 7ec465bf31e5a651bac4baef3c938b29af5615a0
- SHA256: df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e
- SHA512: c022d7862f02dc227fc4f13320d801cb7fbe71f527cca57af2eb3e04c8eb1944841bf97104cebbf66ac97169c100ecdef8c8dad7f5e65f576eed6fa49f3b572e

Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

description | pid | Process | procid_target
PID 1956 wrote to memory of 2040 | 1956 | rundll32.exe | 28
PID 1956 wrote to memory of 2040 | 1956 | rundll32.exe | 28
PID 1956 wrote to memory of 2040 | 1956 | rundll32.exe | 28
PID 1956 wrote to memory of 2040 | 1956 | rundll32.exe | 28
PID 1956 wrote to memory of 2040 | 1956 | rundll32.exe | 28
PID 1956 wrote to memory of 2040 | 1956 | rundll32.exe | 28
PID 1956 wrote to memory of 2040 | 1956 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 1956
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\df0e23e96de229e96164a7a1baffe71fae94911b131262eb78b9add6c63bad8e.dll,#12
  PID: 2040