Analysis
- max time kernel: 41s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 03/12/2022, 02:54
Static task: static1
Behavioral task: behavioral1
- Sample: f25be3434e8ea92b318802e7d89eaf9ad3c9a629cf3910acfd203ea9fd18ee8b.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: f25be3434e8ea92b318802e7d89eaf9ad3c9a629cf3910acfd203ea9fd18ee8b.dll
- Resource: win10v2004-20220901-en
General
- Target: f25be3434e8ea92b318802e7d89eaf9ad3c9a629cf3910acfd203ea9fd18ee8b.dll
- Size: 5KB
- MD5: b609ef41f7ce325a547964d630862130
- SHA1: 0b76ce153eea22a771ef857691b9d6c35ccea898
- SHA256: f25be3434e8ea92b318802e7d89eaf9ad3c9a629cf3910acfd203ea9fd18ee8b
- SHA512: 3ed35de7d96b80f0517f0cab7c1d856a0ed2fe68ee46e1a2fb5ecd6860d80d5b8fa4603446765c6cfa9426722ea81d35bad8409d8fca38a346e755a8d6e824fb
- SSDEEP: 96:RZDi6iiGIaXowjJj8KE7milmQ1k6GsvvV0DB5UVMecB2SHklAF9BH:RZ+a1eSK+VSDcmF2+7B
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

description | pid | Process | procid_target
PID 1792 wrote to memory of 1216 | 1792 | rundll32.exe | 28
PID 1792 wrote to memory of 1216 | 1792 | rundll32.exe | 28
PID 1792 wrote to memory of 1216 | 1792 | rundll32.exe | 28
PID 1792 wrote to memory of 1216 | 1792 | rundll32.exe | 28
PID 1792 wrote to memory of 1216 | 1792 | rundll32.exe | 28
PID 1792 wrote to memory of 1216 | 1792 | rundll32.exe | 28
PID 1792 wrote to memory of 1216 | 1792 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f25be3434e8ea92b318802e7d89eaf9ad3c9a629cf3910acfd203ea9fd18ee8b.dll,#1
  PID: 1792
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\f25be3434e8ea92b318802e7d89eaf9ad3c9a629cf3910acfd203ea9fd18ee8b.dll,#1
    PID: 1216