Analysis
max time kernel: 144s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 03/12/2022, 00:48
Static task: static1
Behavioral task: behavioral1
  Sample: 604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll
  Resource: win7-20220812-en
Behavioral task: behavioral2
  Sample: 604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll
  Resource: win10v2004-20221111-en
General
Target: 604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll
Size: 448KB
MD5: e7f4878395dadd49b14390347945ef10
SHA1: 33ad326bd5f6d9cab4f4819d8e054cf79b98578f
SHA256: 604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619
SHA512: a8de6870a1704217ee61b2e329ca39d09a0d1fe526b350338dffb1f1ab8a87c5a2d0c8ed2f13c7316b7e7eca3495d10030b918fc56f8b743df2562114a304544
SSDEEP: 3072:faWIJLbdT3uzcBq747XerfRiNdHT9BFYQo7YH9VLs:pIJLJjuoBq7OXerfR0xB2QMI
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  pid 1416, process rundll32.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid 1416, process rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs; all seven entries are identical)
  description                      pid   process        procid_target
  PID 900 wrote to memory of 1416  900   rundll32.exe   27
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 900
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 900)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll,#1
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of SetWindowsHookEx
      PID: 1416
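The process tree above shows the 64-bit rundll32.exe from system32 (PID 900) starting a second rundll32.exe from SysWOW64 (PID 1416) with the same command line. That is what the 64-bit rundll32 host does when the DLL it is asked to load is a 32-bit image (the resource tags list both arch:x64 and arch:x86), and the parent's WriteProcessMemory calls into the child fit that relaunch rather than a separate injection. The DLL is also invoked by export ordinal (`,#1`) from a path under the user's Temp directory. As an added example, not part of the tria.ge report, the following Python script runs those two checks over process-creation records constructed to mirror this tree, plus one benign control. The record field names, the list of user-writable path fragments and the finding labels are assumptions of this example, and an unquoted DLL path containing spaces is not handled.

```python
"""Detection checks over process-creation records shaped like the report's tree.

Added example, not from the tria.ge report. Field names, the path list and
the finding labels are assumptions made for this example.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# rundll32 command line shape: [path\]rundll32[.exe] <dll>,<export> [args]
# The DLL path may be quoted; an unquoted path containing spaces is not handled.
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^\s"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)

# Directory fragments a standard user can write to (assumed list, lowercase).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str


SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\604a2382b08ba87cdc2c97447eef1a12ed43178337cc7e581bfdec14815bd619.dll")

# Constructed to mirror the report's Processes section; ppid None = not recorded.
EVENTS = [
    ProcEvent(900, None, r"C:\Windows\system32\rundll32.exe",
              f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcEvent(1416, 900, r"C:\Windows\SysWOW64\rundll32.exe",
              f"rundll32.exe {SAMPLE_DLL},#1"),
    # Benign control (constructed): a Control Panel applet launched the usual way.
    ProcEvent(2000, 1200, r"C:\Windows\system32\rundll32.exe",
              "rundll32.exe shell32.dll,Control_RunDLL"),
]


def parse_rundll32(cmdline: str) -> Optional[dict]:
    """Split a rundll32 command line into DLL path and export; None if it is not one."""
    m = RUNDLL32_RE.match(cmdline)
    if m is None:
        return None
    export = m.group("export")
    return {"dll": m.group("dll"), "export": export,
            "by_ordinal": export.startswith("#")}


def is_rundll32(image: str) -> bool:
    return image.lower().endswith("\\rundll32.exe")


def analyze(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    """Return (pid, finding) pairs for the rundll32 patterns seen in the report."""
    by_pid = {e.pid: e for e in events}
    findings: List[Tuple[int, str]] = []
    for e in events:
        if not is_rundll32(e.image):
            continue
        parsed = parse_rundll32(e.cmdline)
        if parsed is None:
            continue
        dll = parsed["dll"].lower()
        # Check 1: export called by ordinal and DLL sitting in a user-writable path.
        if parsed["by_ordinal"] and any(frag in dll for frag in USER_WRITABLE):
            findings.append((e.pid, "rundll32_ordinal_export_from_user_path"))
        # Check 2: rundll32 spawned by rundll32. system32 -> SysWOW64 with the
        # same DLL is the 64-bit host relaunching itself to load a 32-bit DLL;
        # any other rundll32 -> rundll32 pairing gets its own label.
        parent = by_pid.get(e.ppid)
        if parent is not None and is_rundll32(parent.image):
            parent_dll = (parse_rundll32(parent.cmdline) or {}).get("dll", "").lower()
            if ("\\syswow64\\" in e.image.lower()
                    and "\\system32\\" in parent.image.lower()
                    and parent_dll == dll):
                findings.append((e.pid, "rundll32_wow64_relaunch"))
            else:
                findings.append((e.pid, "rundll32_spawns_rundll32"))
    return findings


if __name__ == "__main__":
    for pid, label in analyze(EVENTS):
        print(pid, label)
```

Run against the constructed records, both rundll32 instances from the report are flagged for the ordinal call from a user path and the SysWOW64 child is additionally labelled as a WoW64 relaunch, while the benign shell32.dll control produces nothing. In a real deployment the records would come from Sysmon Event ID 1 or an EDR's process-creation feed, and the relaunch label is informational context for the ordinal finding rather than a detection on its own.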