Analysis
- max time kernel: 23s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 05/12/2022, 11:26
Static task
- static1
Behavioral task
- behavioral1
  Sample: 572ae7707905f11a31f31ffb3984e8be0b2a4b49b299b73e0cacad49a515405f.dll
  Resource: win7-20220812-en
Behavioral task
- behavioral2
  Sample: 572ae7707905f11a31f31ffb3984e8be0b2a4b49b299b73e0cacad49a515405f.dll
  Resource: win10v2004-20220812-en
General
- Target: 572ae7707905f11a31f31ffb3984e8be0b2a4b49b299b73e0cacad49a515405f.dll
- Size: 6KB
- MD5: e94c09a2547c3f92ccecc141540d4370
- SHA1: 69570fe2f6468bea8b5239bb16b6b4f2444b4c1e
- SHA256: 572ae7707905f11a31f31ffb3984e8be0b2a4b49b299b73e0cacad49a515405f
- SHA512: 7ba400a6e638eda0b004c9a0da7e2dace10be988d3700703b4fa3beed10f2ce8565198b9d9a84cba54dd4bf4bcd861f909f82ae2be1bd4ca721f6c6a6f1e96da
- SSDEEP: 96:nEY2RrF1eqwi4fNCVf7t4mzUGbfg+UblRiJt5E8kY93xRH:EHRh1eppfYtfUdbwxVV
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid    Process        procid_target
  PID 1228 wrote to memory of 844    1228   rundll32.exe   27
  PID 1228 wrote to memory of 844    1228   rundll32.exe   27
  PID 1228 wrote to memory of 844    1228   rundll32.exe   27
  PID 1228 wrote to memory of 844    1228   rundll32.exe   27
  PID 1228 wrote to memory of 844    1228   rundll32.exe   27
  PID 1228 wrote to memory of 844    1228   rundll32.exe   27
  PID 1228 wrote to memory of 844    1228   rundll32.exe   27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\572ae7707905f11a31f31ffb3984e8be0b2a4b49b299b73e0cacad49a515405f.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID: 1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\572ae7707905f11a31f31ffb3984e8be0b2a4b49b299b73e0cacad49a515405f.dll,#12⤵
  PID: 844