Analysis
- max time kernel: 48s
- max time network: 52s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 03/12/2022, 02:42
Static task: static1
Behavioral task: behavioral1
- Sample: f730025c1829b63f591cd5a536dd6e41c01c5a85a90832e2dc1c29c8ca66e259.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: f730025c1829b63f591cd5a536dd6e41c01c5a85a90832e2dc1c29c8ca66e259.dll
- Resource: win10v2004-20220812-en
General
- Target: f730025c1829b63f591cd5a536dd6e41c01c5a85a90832e2dc1c29c8ca66e259.dll
- Size: 72KB
- MD5: ebdce359b30c9b4d72d97f319455cd9e
- SHA1: 39d160b8224bd92c865fb38f18fd7ceb753bbc73
- SHA256: f730025c1829b63f591cd5a536dd6e41c01c5a85a90832e2dc1c29c8ca66e259
- SHA512: 413d886404eac4605dd811722221a6d72ba2804ad5d388e41d88ae35d23da7fa58a7f2464bf0f42c03edac7d799c2a69657d2ea91c989407de061a1774447c72
- SSDEEP: 1536:/UPMadZgQ24x/tCcgQFPvXGNRfWlAPClJO:/T8KQ2K/txrt2NNClJ
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1536 wrote to memory of 1564 | 1536 | rundll32.exe | 26 |
| PID 1536 wrote to memory of 1564 | 1536 | rundll32.exe | 26 |
| PID 1536 wrote to memory of 1564 | 1536 | rundll32.exe | 26 |
| PID 1536 wrote to memory of 1564 | 1536 | rundll32.exe | 26 |
| PID 1536 wrote to memory of 1564 | 1536 | rundll32.exe | 26 |
| PID 1536 wrote to memory of 1564 | 1536 | rundll32.exe | 26 |
| PID 1536 wrote to memory of 1564 | 1536 | rundll32.exe | 26 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f730025c1829b63f591cd5a536dd6e41c01c5a85a90832e2dc1c29c8ca66e259.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f730025c1829b63f591cd5a536dd6e41c01c5a85a90832e2dc1c29c8ca66e259.dll,#1
  PID: 1564