Analysis
- max time kernel: 6s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 06/12/2022, 20:29
Behavioral task behavioral1
- Sample: f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll
- Resource: win7-20221111-en
Behavioral task behavioral2
- Sample: f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll
- Resource: win10v2004-20220812-en
General
- Target: f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll
- Size: 56KB
- MD5: 6e72520a70b1b051de58366d1aa236a0
- SHA1: 97e4c6f1806d621a44d24dddaa2f7e2dbaf81e6e
- SHA256: f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d
- SHA512: c60b9d4ea3dbcb821f4a48ff3b42bcdf777df4de3577c2df348f69921a541a7eecfe3573baf36a58977db9edd18776a5b22401f1407bc0310a9a2f9794d8a657
- SSDEEP: 1536:kjRUjsK3W8jkG3TaBrGqNwa8n0wZkXzt+JSJ91gLV:kF2sK7gG3TaBCqGLrSkc91MV
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 960 wrote to memory of 1332 | 960 | rundll32.exe | 28
  PID 960 wrote to memory of 1332 | 960 | rundll32.exe | 28
  PID 960 wrote to memory of 1332 | 960 | rundll32.exe | 28
  PID 960 wrote to memory of 1332 | 960 | rundll32.exe | 28
  PID 960 wrote to memory of 1332 | 960 | rundll32.exe | 28
  PID 960 wrote to memory of 1332 | 960 | rundll32.exe | 28
  PID 960 wrote to memory of 1332 | 960 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 960
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll,#12
    PID: 1332