Analysis
- max time kernel: 43s
- max time network: 46s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 04/12/2022, 05:07
Behavioral task: behavioral1
- Sample: c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll
- Resource: win10v2004-20220812-en
General
- Target: c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll
- Size: 948KB
- MD5: 9efb5cd4417774092c04db240eb032c2
- SHA1: 833c366b69f5f6bb1349aab053177fa876a49a99
- SHA256: c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55
- SHA512: 5700366e46023d4fa65ece1c44303c682288080f4d9f58eb009811395d127a21da89e831099760be36f5c70a273c1700ceb2586c65485598785ef29881faaddf
- SSDEEP: 24576:DAfAqkKADwGdHAWVmzmlJjo/7mqzmXkCqIZ+cfxtMB1:ppsKHNmzmlJUTIfdfxtM
Malware Config
Signatures
- YARA rule match
  resource: behavioral1/memory/112-56-0x0000000010000000-0x000000001027B000-memory.dmp; yara_rule: vmprotect
- Program crash (1 IoC)
  pid: 944; pid_target: 112; Process: WerFault.exe; procid_target: 28
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description: Token: SeDebugPrivilege; pid: 112; Process: rundll32.exe
  description: Token: 33; pid: 112; Process: rundll32.exe
  description: Token: SeIncBasePriorityPrivilege; pid: 112; Process: rundll32.exe
- Suspicious use of SetWindowsHookEx (64 IoCs)
pid Process 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe 112 rundll32.exe -
- Suspicious use of WriteProcessMemory (11 IoCs)
  description: PID 1676 wrote to memory of 112; pid: 1676; Process: rundll32.exe; procid_target: 28
  description: PID 1676 wrote to memory of 112; pid: 1676; Process: rundll32.exe; procid_target: 28
  description: PID 1676 wrote to memory of 112; pid: 1676; Process: rundll32.exe; procid_target: 28
  description: PID 1676 wrote to memory of 112; pid: 1676; Process: rundll32.exe; procid_target: 28
  description: PID 1676 wrote to memory of 112; pid: 1676; Process: rundll32.exe; procid_target: 28
  description: PID 1676 wrote to memory of 112; pid: 1676; Process: rundll32.exe; procid_target: 28
  description: PID 1676 wrote to memory of 112; pid: 1676; Process: rundll32.exe; procid_target: 28
  description: PID 112 wrote to memory of 944; pid: 112; Process: rundll32.exe; procid_target: 29
  description: PID 112 wrote to memory of 944; pid: 112; Process: rundll32.exe; procid_target: 29
  description: PID 112 wrote to memory of 944; pid: 112; Process: rundll32.exe; procid_target: 29
  description: PID 112 wrote to memory of 944; pid: 112; Process: rundll32.exe; procid_target: 29
Processes
- C:\Windows\system32\rundll32.exe (PID: 1676)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID: 112)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c7617e6c95f63d646a476b134ed9d4e50a4b88a4d44fc73c172efe7ca5c58f55.dll,#1
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe (PID: 944)
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 376
      - Program crash