Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

1

Static

static

f36e9c29c3...4b.dll

windows7-x64

1

f36e9c29c3...4b.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    30s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 23:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f36e9c29c3050fe6d050a84fa10a37b2b9bec9251d2b4bb33a6a5cb17896694b.dll

  • Size

    3KB

  • MD5

    b1550fba3137e7d4f5eba0ba32386da0

  • SHA1

    1fc41bc91dac4fad674041780ff25a1fb9308ceb

  • SHA256

    f36e9c29c3050fe6d050a84fa10a37b2b9bec9251d2b4bb33a6a5cb17896694b

  • SHA512

    129c0ba9e392186ce6101693c35ad551ea8b7f50801ff86a71089361c1e964917786e050e6ac8410a0b606506d412f8b444209b3a2b7f54be554656b23c48e20

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f36e9c29c3050fe6d050a84fa10a37b2b9bec9251d2b4bb33a6a5cb17896694b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f36e9c29c3050fe6d050a84fa10a37b2b9bec9251d2b4bb33a6a5cb17896694b.dll,#1
      2⤵
        PID:1200

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1200-55-0x0000000076041000-0x0000000076043000-memory.dmp

      Filesize

      8KB

      Download