Analysis
- max time kernel: 42s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 03/12/2022, 03:41
Behavioral task: behavioral1
- Sample: 93c00724e1a87a440e0bcd00c4b70a897e26bc4f046e7f84688c33b8473d4895.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: 93c00724e1a87a440e0bcd00c4b70a897e26bc4f046e7f84688c33b8473d4895.dll
- Resource: win10v2004-20220812-en
General
- Target: 93c00724e1a87a440e0bcd00c4b70a897e26bc4f046e7f84688c33b8473d4895.dll
- Size: 76KB
- MD5: 5ad6d912d0c3fadc3438ce47e4cfaaae
- SHA1: 0d47a91b89c173407a6b6045be2c0c64b7d62179
- SHA256: 93c00724e1a87a440e0bcd00c4b70a897e26bc4f046e7f84688c33b8473d4895
- SHA512: bc224afcdc13bf24a03e3bcadd8342b431ecb518e3979945c562c0092b4eb483b1f6a184cdcc99e83d7ac37a77c3d56713ed10f8bcda48c650257a5b08d877da
- SSDEEP: 1536:yl3E0TWEAq5MxvScjP1SI3TqCCs2RTyJO5pr9dFYuxF9z:E39i+5MtrLlDBqsOddFYwF9z
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1648 wrote to memory of 608 | 1648 | rundll32.exe | 28
  PID 1648 wrote to memory of 608 | 1648 | rundll32.exe | 28
  PID 1648 wrote to memory of 608 | 1648 | rundll32.exe | 28
  PID 1648 wrote to memory of 608 | 1648 | rundll32.exe | 28
  PID 1648 wrote to memory of 608 | 1648 | rundll32.exe | 28
  PID 1648 wrote to memory of 608 | 1648 | rundll32.exe | 28
  PID 1648 wrote to memory of 608 | 1648 | rundll32.exe | 28
Processes
- 1. C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\93c00724e1a87a440e0bcd00c4b70a897e26bc4f046e7f84688c33b8473d4895.dll,#1
  PID: 1648
  - Suspicious use of WriteProcessMemory
- 2. C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\93c00724e1a87a440e0bcd00c4b70a897e26bc4f046e7f84688c33b8473d4895.dll,#1
  PID: 608