Analysis
- max time kernel: 20s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 05/12/2022, 18:47
Behavioral task
behavioral1
Sample
d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9.dll
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9.dll
Resource
win10v2004-20220812-en
General
- Target: d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9.dll
- Size: 97KB
- MD5: 24b27785c476a59825cbd02f9ac2b67b
- SHA1: d018394efbe0f15bb91579bf62d599a1dde74926
- SHA256: d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9
- SHA512: 16ae0b410b78bd33fff9d6c4b0133e94b209f33d2c274b818a626511856efddf4d1a3599815cf11d23c28eccfe70e2a0e6fdc652b0a1c390fe862106f7abfb5f
- SSDEEP: 1536:Q3LZX5VqGQ3iHVsWPBe/3Q77G1V8hOhjowzwg+6qCsEyr/BUanLUk5+QIsFVk7hG:6MGKi17cSG1kEpn+WjSfLUXFkVk99Lg1
Malware Config
Signatures
- Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 860 wrote to memory of 1352 | 860 | rundll32.exe | 27
PID 860 wrote to memory of 1352 | 860 | rundll32.exe | 27
PID 860 wrote to memory of 1352 | 860 | rundll32.exe | 27
PID 860 wrote to memory of 1352 | 860 | rundll32.exe | 27
PID 860 wrote to memory of 1352 | 860 | rundll32.exe | 27
PID 860 wrote to memory of 1352 | 860 | rundll32.exe | 27
PID 860 wrote to memory of 1352 | 860 | rundll32.exe | 27
Processes
- 1. C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9.dll,#1
  PID: 860
  - Suspicious use of WriteProcessMemory
  - 2. C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0b7da72a9e9c49a2087444788cab41b8302ec70f84c5a7d38a0582577cef2d9.dll,#1
    PID: 1352