Analysis
- max time kernel: 43s
- max time network: 50s
- platform: windows7_x64
- resource: win7-20220901-en
- resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
- submitted: 06/12/2022, 01:21
Static task: static1
Behavioral task: behavioral1
- Sample: 7d7d7d4b401f280292a67baa5c469d6db3472c0b25336be7f4eba68341adc6ab.dll
- Resource: win7-20220901-en
Behavioral task: behavioral2
- Sample: 7d7d7d4b401f280292a67baa5c469d6db3472c0b25336be7f4eba68341adc6ab.dll
- Resource: win10v2004-20220901-en
General
- Target: 7d7d7d4b401f280292a67baa5c469d6db3472c0b25336be7f4eba68341adc6ab.dll
- Size: 6KB
- MD5: 357f43a66f78934b7d15f2ab6d91c6f0
- SHA1: e206233e3de558947856321de92bcf65fd41bc92
- SHA256: 7d7d7d4b401f280292a67baa5c469d6db3472c0b25336be7f4eba68341adc6ab
- SHA512: 05f2470b8967ae4b3bd89b98b5181255ec5891d82295420ef67c81d724668d6c52c6ae50c5eb9cbaa48576650b32511541c9cde342c1539f48e8c7a26f4f141f
- SSDEEP: 96:hy859x0P8Ma3ukQ5fLQHHsUYXi8QNgZDYAl7aEqS:F5oLqu55D0HmXi81ZDYAl7W
Malware Config
Signatures
- Suspicious use of WriteProcessMemory: 7 IoCs

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1700 wrote to memory of 944 | 1700 | rundll32.exe | 27 |
| PID 1700 wrote to memory of 944 | 1700 | rundll32.exe | 27 |
| PID 1700 wrote to memory of 944 | 1700 | rundll32.exe | 27 |
| PID 1700 wrote to memory of 944 | 1700 | rundll32.exe | 27 |
| PID 1700 wrote to memory of 944 | 1700 | rundll32.exe | 27 |
| PID 1700 wrote to memory of 944 | 1700 | rundll32.exe | 27 |
| PID 1700 wrote to memory of 944 | 1700 | rundll32.exe | 27 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d7d7d4b401f280292a67baa5c469d6db3472c0b25336be7f4eba68341adc6ab.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7d7d7d4b401f280292a67baa5c469d6db3472c0b25336be7f4eba68341adc6ab.dll,#12
  PID: 944