Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
3s -
max time network
34s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
05/12/2022, 08:19 UTC
General
-
Target
da3a25818b90a803e7e62aa54abc3800e57c36dec58bf8f80bc7435a243faf93.dll
-
Size
1008KB
-
MD5
416117f213a32d59d7ee05981fdae033
-
SHA1
b2c09abaec31e94370a2d9db87e754ae1b0d12d5
-
SHA256
da3a25818b90a803e7e62aa54abc3800e57c36dec58bf8f80bc7435a243faf93
-
SHA512
bac7442dc4224b4ec5e750b312db2826201b5570308615ec81efe6ba916ff943468eccb1c0129c3cef067510457502e2925f9f6d6cba78669883450895f3f529
-
SSDEEP
24576:PUMFI0wALgYKGQzCOUgS387q/3ntozSGfXbyhdHo0K0KjSb:P7IZGgYNoUgSIqGzSGPubHous
Score
8/10
Malware Config
Signatures
-
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\da3a25818b90a803e7e62aa54abc3800e57c36dec58bf8f80bc7435a243faf93.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\da3a25818b90a803e7e62aa54abc3800e57c36dec58bf8f80bc7435a243faf93.dll,#12⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
2.7MB