Analysis
max time kernel: 94s
max time network: 31s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
submitted: 03/12/2022, 03:51
Behavioral task
behavioral1
Sample
ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll
Resource
win10v2004-20220812-en
General
Target: ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll
Size: 76KB
MD5: 37826c72b1b133533bbb422b35b8e17e
SHA1: 1a662f80121414fcaf73a7028456f74bb5a8acc6
SHA256: ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace
SHA512: 449ec87129b7442a9697855f4aa1cc1ec63fce59f7a33b09413666a1b86beafe377ce7c079f88b3cc34f82e6d1974463b795b7567316b53028fb5bb27750837f
SSDEEP: 1536:Mq/JmJSP635twGuOivzH6y47fnXqcEzEhjfY:z/JmJSPACjqrqVmjg
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                      pid   Process        procid_target
PID 596 wrote to memory of 848   596   rundll32.exe   28
PID 596 wrote to memory of 848   596   rundll32.exe   28
PID 596 wrote to memory of 848   596   rundll32.exe   28
PID 596 wrote to memory of 848   596   rundll32.exe   28
PID 596 wrote to memory of 848   596   rundll32.exe   28
PID 596 wrote to memory of 848   596   rundll32.exe   28
PID 596 wrote to memory of 848   596   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll,#1
- Suspicious use of WriteProcessMemory
PID:596
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb608bc2d690372424824b7a041df024a27f4e3ae5db0cde135e0c2b2df1ace.dll,#1
PID:848