Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 03/12/2022, 11:37
Static task: static1
Behavioral task: behavioral1
- Sample: eb6a78c60d6adfdbf1cef101a7ec40229efb06de82a83eaabfd57352bf425fd9.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: eb6a78c60d6adfdbf1cef101a7ec40229efb06de82a83eaabfd57352bf425fd9.dll
- Resource: win10v2004-20220812-en
General
- Target: eb6a78c60d6adfdbf1cef101a7ec40229efb06de82a83eaabfd57352bf425fd9.dll
- Size: 172KB
- MD5: 309d812f01f1db9123db63b787b45ec8
- SHA1: 223c97477f0cf3c7d14e453d31550397413a8df0
- SHA256: eb6a78c60d6adfdbf1cef101a7ec40229efb06de82a83eaabfd57352bf425fd9
- SHA512: 8f6bf1f8b6c6a7f7d024e197b11a79ab1e8a2b1b419e7a9d9d0119f17d01a1bdbe81d37344e4d61ab87d2042647cd3cd44850adf285d595891cc2431c6724f3f
- SSDEEP: 3072:pJRTJteUJ1Fs7MaSJTMKuOBS7OncHcUF1RjtEwlHJ1L22blmA9NqxvWWhDGH:ls+KimhHcmkyMxvW
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1644 wrote to memory of 1324 | 1644 | rundll32.exe | 28
  PID 1644 wrote to memory of 1324 | 1644 | rundll32.exe | 28
  PID 1644 wrote to memory of 1324 | 1644 | rundll32.exe | 28
  PID 1644 wrote to memory of 1324 | 1644 | rundll32.exe | 28
  PID 1644 wrote to memory of 1324 | 1644 | rundll32.exe | 28
  PID 1644 wrote to memory of 1324 | 1644 | rundll32.exe | 28
  PID 1644 wrote to memory of 1324 | 1644 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb6a78c60d6adfdbf1cef101a7ec40229efb06de82a83eaabfd57352bf425fd9.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1644
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb6a78c60d6adfdbf1cef101a7ec40229efb06de82a83eaabfd57352bf425fd9.dll,#1
    PID: 1324