Analysis
- max time kernel: 89s
- max time network: 35s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 05/12/2022, 08:31
Static task: static1
Behavioral task: behavioral1
- Sample: b308b5d3b6321677482b2a3b23dbd94bc5176ce58586f0d5278db2153e5676d3.dll
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: b308b5d3b6321677482b2a3b23dbd94bc5176ce58586f0d5278db2153e5676d3.dll
- Resource: win10v2004-20220812-en
General
- Target: b308b5d3b6321677482b2a3b23dbd94bc5176ce58586f0d5278db2153e5676d3.dll
- Size: 41KB
- MD5: 0707268a66fe53c829d6c3c01e55c5b8
- SHA1: 92ade6e426749b4f42412dfd0d8f59ab3158340b
- SHA256: b308b5d3b6321677482b2a3b23dbd94bc5176ce58586f0d5278db2153e5676d3
- SHA512: cd1fbea01d4f7c2ae76708bc8972d87ea12e63f9f0751fd9226da902341ada0bff5e994315549a9d5c22b5e2fc9b16927e6cbd973c378f34a17e5dd967780a7f
- SSDEEP: 384:PsIUaAvMkhWNMR9jedW4jBAvoGoNOcXfKpUMdcvmBxctULA3WTGJ3gknhCpsK2yi:0XdHQY9dvohNODUscw/A5d82yfqivZ
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 952 wrote to memory of 1912 | 952 | rundll32.exe | 28
  PID 952 wrote to memory of 1912 | 952 | rundll32.exe | 28
  PID 952 wrote to memory of 1912 | 952 | rundll32.exe | 28
  PID 952 wrote to memory of 1912 | 952 | rundll32.exe | 28
  PID 952 wrote to memory of 1912 | 952 | rundll32.exe | 28
  PID 952 wrote to memory of 1912 | 952 | rundll32.exe | 28
  PID 952 wrote to memory of 1912 | 952 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b308b5d3b6321677482b2a3b23dbd94bc5176ce58586f0d5278db2153e5676d3.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 952
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b308b5d3b6321677482b2a3b23dbd94bc5176ce58586f0d5278db2153e5676d3.dll,#1
    PID: 1912