Analysis
- max time kernel: 36s
- max time network: 41s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 05/12/2022, 05:57
Static task: static1
Behavioral task: behavioral1
- Sample: c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll
- Resource: win10v2004-20221111-en
General
- Target: c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll
- Size: 7KB
- MD5: a621deb03d294360c6c8ca7010d6b530
- SHA1: 467e8177ffcefeef919298e4ed4306dd37329319
- SHA256: c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c
- SHA512: 2bfbc7c7778088c45107911f1c8f5e1ffd6cf29460834181df5d57c5e94eddd408675ec9583b1f3e749754fe58368ef808c46474f751f89682c59c9d959c9037
- SSDEEP: 192:OrIQUA/Rvz6VkaAXHAv4aGH4fDtTkLIWZC:Orv+VpaQX+C
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1192 wrote to memory of 1400 | 1192 | rundll32.exe | 27
  PID 1192 wrote to memory of 1400 | 1192 | rundll32.exe | 27
  PID 1192 wrote to memory of 1400 | 1192 | rundll32.exe | 27
  PID 1192 wrote to memory of 1400 | 1192 | rundll32.exe | 27
  PID 1192 wrote to memory of 1400 | 1192 | rundll32.exe | 27
  PID 1192 wrote to memory of 1400 | 1192 | rundll32.exe | 27
  PID 1192 wrote to memory of 1400 | 1192 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll,#1
  PID: 1192
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9cac1e238af47daac4679fc18563b64ad08d09c1b5ef8732ef65c16ab91fe0c.dll,#1
    PID: 1400