Analysis
max time kernel: 48s
max time network: 52s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 07/12/2022, 02:20
Static task: static1
Behavioral task: behavioral1
  Sample: e732d4eac01e6d955e9df066894ab7dd7096679bdfc5be67bce12843633cebf8.dll
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: e732d4eac01e6d955e9df066894ab7dd7096679bdfc5be67bce12843633cebf8.dll
  Resource: win10v2004-20220812-en
General
Target: e732d4eac01e6d955e9df066894ab7dd7096679bdfc5be67bce12843633cebf8.dll
Size: 27KB
MD5: d70de7cfd9cb6f135a7d4c0823ec88e0
SHA1: b2e71ca661e19b256dd92db34ea81f055276815a
SHA256: e732d4eac01e6d955e9df066894ab7dd7096679bdfc5be67bce12843633cebf8
SHA512: 09a56eaf38b443096914d913169b83082169c2d38ceca4093e1df54bb049ff4cff05cb2fe864867599736a8bda408edbdae20d07cdef8ce966ebae96604a2d77
SSDEEP: 384:1/yASy0m2N4tlJQNPi20Q/IdPc8zuP1XUSHVqmTbDOJBpbmXwkIvuwHjCYe:S0lJwPi5Q/IVZuiSHVqmiVmf2e
Malware Config
Signatures

Blocklisted process makes network request (64 IoCs)
flow  pid   Process
1     1524  rundll32.exe
2     1524  rundll32.exe
3     1524  rundll32.exe
4     1524  rundll32.exe
5     1524  rundll32.exe
6     1524  rundll32.exe
7     1524  rundll32.exe
8     1524  rundll32.exe
9     1524  rundll32.exe
10    1524  rundll32.exe
11    1524  rundll32.exe
12    1524  rundll32.exe
13    1524  rundll32.exe
14    1524  rundll32.exe
15    1524  rundll32.exe
16    1524  rundll32.exe
17    1524  rundll32.exe
18    1524  rundll32.exe
19    1524  rundll32.exe
20    1524  rundll32.exe
21    1524  rundll32.exe
22    1524  rundll32.exe
23    1524  rundll32.exe
24    1524  rundll32.exe
25    1524  rundll32.exe
26    1524  rundll32.exe
27    1524  rundll32.exe
28    1524  rundll32.exe
29    1524  rundll32.exe
30    1524  rundll32.exe
31    1524  rundll32.exe
32    1524  rundll32.exe
33    1524  rundll32.exe
34    1524  rundll32.exe
35    1524  rundll32.exe
36    1524  rundll32.exe
37    1524  rundll32.exe
38    1524  rundll32.exe
39    1524  rundll32.exe
40    1524  rundll32.exe
41    1524  rundll32.exe
42    1524  rundll32.exe
43    1524  rundll32.exe
44    1524  rundll32.exe
45    1524  rundll32.exe
46    1524  rundll32.exe
47    1524  rundll32.exe
48    1524  rundll32.exe
49    1524  rundll32.exe
50    1524  rundll32.exe
51    1524  rundll32.exe
52    1524  rundll32.exe
53    1524  rundll32.exe
54    1524  rundll32.exe
55    1524  rundll32.exe
56    1524  rundll32.exe
57    1524  rundll32.exe
58    1524  rundll32.exe
59    1524  rundll32.exe
60    1524  rundll32.exe
61    1524  rundll32.exe
62    1524  rundll32.exe
63    1524  rundll32.exe
64    1524  rundll32.exe
Sets service image path in registry (2 TTPs, 1 IoCs)
description      ioc                                                                                                  Process
Set value (str)  \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\4287881808\ImagePath = "\\systemroot\\4287881808"  rundll32.exe
Suspicious behavior: LoadsDriver (1 IoCs)
pid   Process
1524  rundll32.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
description                   pid   Process
Token: SeLoadDriverPrivilege  1524  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 1288 wrote to memory of 1524  1288  rundll32.exe  27
PID 1288 wrote to memory of 1524  1288  rundll32.exe  27
PID 1288 wrote to memory of 1524  1288  rundll32.exe  27
PID 1288 wrote to memory of 1524  1288  rundll32.exe  27
PID 1288 wrote to memory of 1524  1288  rundll32.exe  27
PID 1288 wrote to memory of 1524  1288  rundll32.exe  27
PID 1288 wrote to memory of 1524  1288  rundll32.exe  27
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e732d4eac01e6d955e9df066894ab7dd7096679bdfc5be67bce12843633cebf8.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 1288

  C:\Windows\SysWOW64\rundll32.exe (child of PID 1288)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e732d4eac01e6d955e9df066894ab7dd7096679bdfc5be67bce12843633cebf8.dll,#1
    - Blocklisted process makes network request
    - Sets service image path in registry
    - Suspicious behavior: LoadsDriver
    - Suspicious use of AdjustPrivilegeToken
    PID: 1524