Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    47s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 08:35

General

  • Target

    3536598af43a43b708e06c45b2f055915b834a30a11f52d09913b6a53c3b93cb.dll

  • Size

    101KB

  • MD5

    0b7e6eba53d5cf47bcc5f5dbfdbd6130

  • SHA1

    2d5f63b1f390c070aa0278aee4f0a46c8dd83c03

  • SHA256

    3536598af43a43b708e06c45b2f055915b834a30a11f52d09913b6a53c3b93cb

  • SHA512

    c01861d5a2b14914d4555d32e8908e5a876ce0c6c0fe7fe79252c335093a158faba31caa74192aaddafd5fa0914a1199861cf5504fe3b64525d0c9b01b2d8be2

  • SSDEEP

    1536:ldIOL2smex6AAje771ExQeC+P8fsl8olebWV6rHAFypJnjgcagpzRKatwd40XwcX:AOL2smbjZxLL8UaCV68FyXnkrOltkng8

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3536598af43a43b708e06c45b2f055915b834a30a11f52d09913b6a53c3b93cb.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\3536598af43a43b708e06c45b2f055915b834a30a11f52d09913b6a53c3b93cb.dll,#1
      2⤵
        PID:996

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/996-55-0x00000000757A1000-0x00000000757A3000-memory.dmp

      Filesize

      8KB

    • memory/996-56-0x0000000010000000-0x0000000010024000-memory.dmp

      Filesize

      144KB

    • memory/996-57-0x0000000010000000-0x0000000010024000-memory.dmp

      Filesize

      144KB

    • memory/996-58-0x0000000000960000-0x0000000000A69000-memory.dmp

      Filesize

      1.0MB