Analysis
- max time kernel: 42s
- max time network: 45s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 06/12/2022, 01:51
Static task: static1
Behavioral task: behavioral1
- Sample: cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0.dll
- Resource: win7-20220812-en
Behavioral task: behavioral2
- Sample: cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0.dll
- Resource: win10v2004-20220812-en
General
- Target: cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0.dll
- Size: 134KB
- MD5: 4c32c3cb923604469f70d5ecee4dc7fd
- SHA1: 64e44eab3ed37d9756d5f106d4757b81f7867e25
- SHA256: cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0
- SHA512: 96734b33ac328a2748e41fac295fa4872b28c51f743468a2aa9b0a9578627e1aef028ce5ae5378f1515e41f20e262e71dd3fea3350c449872a57170223cd9525
- SSDEEP: 1536:JsIuIJkuvfZ/Auwe2PjWJnsYXP77nqSOslmoXqc6nuPK+h+hj5eKbUgWutlPAaHR:6NyxvfGXqJsQKDZNc6nuPKc+hAed7zo
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                        pid    Process        procid_target
  PID 1320 wrote to memory of 1532   1320   rundll32.exe   27
  PID 1320 wrote to memory of 1532   1320   rundll32.exe   27
  PID 1320 wrote to memory of 1532   1320   rundll32.exe   27
  PID 1320 wrote to memory of 1532   1320   rundll32.exe   27
  PID 1320 wrote to memory of 1532   1320   rundll32.exe   27
  PID 1320 wrote to memory of 1532   1320   rundll32.exe   27
  PID 1320 wrote to memory of 1532   1320   rundll32.exe   27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0.dll,#1
  PID: 1320
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbc3103201b39add4458abaedd2e95b56106c7b6118b94fa6e97cca4cc2b82c0.dll,#1
    PID: 1532