Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
13s -
max time network
35s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system -
submitted
05/12/2022, 21:34
Static task
static1
Behavioral task
behavioral1
Sample
b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada.dll
Resource
win10v2004-20221111-en
General
-
Target
b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada.dll
-
Size
20KB
-
MD5
c647d48ed976640c62bcf5b30025441f
-
SHA1
8bfab0ecf668659287d12f452664b9efc4d8c9bd
-
SHA256
b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada
-
SHA512
e407dacea5f16a524be01244704471d97e6d5d9c92dd9ad67a8caf5b252ed3702b6427040e8ec9e99f8860ddf850a014d2538c09f08e2ec630aeb2f5b21f9f11
-
SSDEEP
384:zSG/2Jp+C6QhtmruxCcdIL+0Xpl8CAu8UaWHuqaTlX0wG:zfYh2oCtpXP8x2OqaewG
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 1372 rundll32.exe -
Suspicious behavior: EnumeratesProcesses 3 IoCs
pid Process 1372 rundll32.exe 1372 rundll32.exe 1372 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1368 wrote to memory of 1372 1368 rundll32.exe 28 PID 1368 wrote to memory of 1372 1368 rundll32.exe 28 PID 1368 wrote to memory of 1372 1368 rundll32.exe 28 PID 1368 wrote to memory of 1372 1368 rundll32.exe 28 PID 1368 wrote to memory of 1372 1368 rundll32.exe 28 PID 1368 wrote to memory of 1372 1368 rundll32.exe 28 PID 1368 wrote to memory of 1372 1368 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1368 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b31ebf17f10adb718695bd432ac2bd8006875c3547012471b5bb98fd031fdada.dll,#12⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1372
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD5e43ff8faf63cf4962799be767cd6c539
SHA178500ffe81e9e9866df75a779f4ee18789636421
SHA2560b7a07ca52f4ae8fdbf82319a35b0f4493e1db6ce849bb59abaefb26a81c9f94
SHA51256e0ab5966b137bac6ff0b9af2fcaf73f03c69c4eca2ded3af8de986aae4d8004db9c82f7f2ee68cbebfa2f8ed811939ec5a2316a7cc9c1397f29a5692466ae1