Analysis
max time kernel
39s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted
05/12/2022, 20:39
Static task
static1
Behavioral task
behavioral1
Sample
28b19d9f56215e5fd7c2bc974680f0390b7d90f42237617f696430675d871486.dll
Resource
win7-20220812-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
28b19d9f56215e5fd7c2bc974680f0390b7d90f42237617f696430675d871486.dll
Resource
win10v2004-20220812-en
1 signatures
150 seconds
General
Target
28b19d9f56215e5fd7c2bc974680f0390b7d90f42237617f696430675d871486.dll
Size
3KB
MD5
584b329aa39f72e76efe1da2015e80b0
SHA1
ab2a18d4323a444c1e1c97d80c07fd6671a5bd60
SHA256
28b19d9f56215e5fd7c2bc974680f0390b7d90f42237617f696430675d871486
SHA512
665a5c277102faa5bc977d2c433cc6bd6cffd615a7083888de00c100f1a1be96576e619da6142d2e3f0e68338e354e9c415992a93f6c16888c8784be4972e443
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory: 7 IoCs

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1724 wrote to memory of 980 | 1724 | rundll32.exe | 28 |
| PID 1724 wrote to memory of 980 | 1724 | rundll32.exe | 28 |
| PID 1724 wrote to memory of 980 | 1724 | rundll32.exe | 28 |
| PID 1724 wrote to memory of 980 | 1724 | rundll32.exe | 28 |
| PID 1724 wrote to memory of 980 | 1724 | rundll32.exe | 28 |
| PID 1724 wrote to memory of 980 | 1724 | rundll32.exe | 28 |
| PID 1724 wrote to memory of 980 | 1724 | rundll32.exe | 28 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28b19d9f56215e5fd7c2bc974680f0390b7d90f42237617f696430675d871486.dll,#1
  PID: 1724
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\28b19d9f56215e5fd7c2bc974680f0390b7d90f42237617f696430675d871486.dll,#1
    PID: 980