Analysis
max time kernel: 39s
max time network: 34s
platform: windows7_x64
resource: win7-20221111-en
resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
submitted: 05/12/2022, 09:03
Static task: static1
Behavioral task: behavioral1
  Sample: ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b.dll
  Resource: win7-20221111-en
Behavioral task: behavioral2
  Sample: ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b.dll
  Resource: win10v2004-20221111-en
General
Target: ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b.dll
Size: 116KB
MD5: 1265983f39459b96845ccb01c04b7067
SHA1: 1f92e2e6d094ac345ce245f62fff1fe8b8cc87d3
SHA256: ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b
SHA512: a00a6457d98b52ae808353d2bd5aa872c1f976277ac1aa4c7dce16ae674c733e9322c9660e03bebe26b8d21a16b42c1a76d11bf90eda5417b6b6dc3d5850c032
SSDEEP: 3072:BxuUD6ZDaBfzfBU9r4fdhbNp7fzNv6Jo6qWTRDpiU:ekQDa1fznbJv6a6qKRj
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                           pid   Process       procid_target
PID 1172 wrote to memory of 2036      1172  rundll32.exe  28
PID 1172 wrote to memory of 2036      1172  rundll32.exe  28
PID 1172 wrote to memory of 2036      1172  rundll32.exe  28
PID 1172 wrote to memory of 2036      1172  rundll32.exe  28
PID 1172 wrote to memory of 2036      1172  rundll32.exe  28
PID 1172 wrote to memory of 2036      1172  rundll32.exe  28
PID 1172 wrote to memory of 2036      1172  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b.dll,#1
  PID: 1172
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae6d5bb009c97d1ce2d7e194caba06388fb7f1c9ef7427ef6fe308eeef6f759b.dll,#1
    PID: 2036