Analysis
- max time kernel: 148s
- max time network: 154s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 05/12/2022, 07:12
Static task: static1
Behavioral task: behavioral1
- Sample: beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll
- Resource: win10v2004-20220812-en
General
- Target: beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll
- Size: 1.7MB
- MD5: d74f4d2e1176200a498964c218c04dfa
- SHA1: 1a0354245c05eaf21bca5654f1a01ab69d1af31e
- SHA256: beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b
- SHA512: 51b1674707ac85bf1a1b2af02cd09865da112c8d57b11d46503139725105d468ee36ad26b7165091d52f8be897a43de93d3211b29e4ec802479435331b2b5a1c
- SSDEEP: 49152:84ba5FtOFbrFNjW3zrIhJQbUzdqoc+17D27NFOxa9ejp/g:xYb0FNjW34+UzdimO7N0x4ejpI
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                        pid    Process        procid_target
  PID 1920 wrote to memory of 1012   1920   rundll32.exe   28
  PID 1920 wrote to memory of 1012   1920   rundll32.exe   28
  PID 1920 wrote to memory of 1012   1920   rundll32.exe   28
  PID 1920 wrote to memory of 1012   1920   rundll32.exe   28
  PID 1920 wrote to memory of 1012   1920   rundll32.exe   28
  PID 1920 wrote to memory of 1012   1920   rundll32.exe   28
  PID 1920 wrote to memory of 1012   1920   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll,#11
  PID: 1920
  Signature: Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\beb7bc08acf44880401412b94e98e31a871207e66b90ccc275b831cba021e60b.dll,#12
  PID: 1012