Analysis
- max time kernel: 40s
- max time network: 34s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 03/12/2022, 04:29
Static task: static1
Behavioral task: behavioral1
- Sample: c13f07533312e83f4f68f48ce864130f135cbc6b71d6f96da545a13126d62c7f.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: c13f07533312e83f4f68f48ce864130f135cbc6b71d6f96da545a13126d62c7f.dll
- Resource: win10v2004-20221111-en
General
- Target: c13f07533312e83f4f68f48ce864130f135cbc6b71d6f96da545a13126d62c7f.dll
- Size: 34KB
- MD5: 684d0d9dd10bb27800ab15f0659a1640
- SHA1: 84d5c405412fb88662865cfe0be4b6150267b4f0
- SHA256: c13f07533312e83f4f68f48ce864130f135cbc6b71d6f96da545a13126d62c7f
- SHA512: 1e6b2322369531346e53f46be64fc76f83e5f9adb840c05e0c008ec68bbda3b1f0635e435722654c73cea415235f6daaeb613330ccf771794139865a50ab33ff
- SSDEEP: 768:N7tXGKqr8zXfaLtzxI7rQimiNf5hqD1DRCbtrvqP:N79GCfaL47rQipkxRmtrvqP
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                      pid   Process       procid_target
  PID 1172 wrote to memory of 444  1172  rundll32.exe  28
  PID 1172 wrote to memory of 444  1172  rundll32.exe  28
  PID 1172 wrote to memory of 444  1172  rundll32.exe  28
  PID 1172 wrote to memory of 444  1172  rundll32.exe  28
  PID 1172 wrote to memory of 444  1172  rundll32.exe  28
  PID 1172 wrote to memory of 444  1172  rundll32.exe  28
  PID 1172 wrote to memory of 444  1172  rundll32.exe  28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c13f07533312e83f4f68f48ce864130f135cbc6b71d6f96da545a13126d62c7f.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 1172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c13f07533312e83f4f68f48ce864130f135cbc6b71d6f96da545a13126d62c7f.dll,#12
  PID: 444