Analysis
max time kernel: 44s
max time network: 49s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 03/12/2022, 03:10
Behavioral task: behavioral1
Sample: 6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f.dll
Resource: win7-20220901-en
Behavioral task: behavioral2
Sample: 6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f.dll
Resource: win10v2004-20220812-en
General
Target: 6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f.dll
Size: 52KB
MD5: 9347cb04516d2b4dde84fe1d0798aa06
SHA1: bb4d8c672acdd091098f9fd0825a94f2edfe51f9
SHA256: 6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f
SHA512: 83dfa06cf8811e9be42c05c6f5eed9956f4802fedafcf886bc9184b689828b7d42ec104f27208abec4d34c4038db2fa488f4ad2301d8b2bbd2677f75d5627ed7
SSDEEP: 1536:5jRmOqiWPpTUEWCjpKzgqGamTO7oK1DjV69:xfqdhU2jOgqGamTahjV69
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 1048 wrote to memory of 1928  1048  rundll32.exe  27
PID 1048 wrote to memory of 1928  1048  rundll32.exe  27
PID 1048 wrote to memory of 1928  1048  rundll32.exe  27
PID 1048 wrote to memory of 1928  1048  rundll32.exe  27
PID 1048 wrote to memory of 1928  1048  rundll32.exe  27
PID 1048 wrote to memory of 1928  1048  rundll32.exe  27
PID 1048 wrote to memory of 1928  1048  rundll32.exe  27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f.dll,#1
  PID: 1048
  Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a657ff1abe5c03b22292efcd33863e90dbcf41fb5513cf9c3e4c1d6947f280f.dll,#1
  PID: 1928