Analysis
- max time kernel: 28s
- max time network: 32s
- platform: windows7_x64
- resource: win7-20230703-en
- resource tags: arch:x64, arch:x86, image:win7-20230703-en, locale:en-us, os:windows7-x64, system
- submitted: 03/07/2023, 20:17
Static task: static1
Behavioral task: behavioral1
- Sample: 71d59378b01fd38a245411a2280096b77d078930e4e22ea51450171eb7fdf225.dll
- Resource: win7-20230703-en
Behavioral task: behavioral2
- Sample: 71d59378b01fd38a245411a2280096b77d078930e4e22ea51450171eb7fdf225.dll
- Resource: win10v2004-20230703-en
General
- Target: 71d59378b01fd38a245411a2280096b77d078930e4e22ea51450171eb7fdf225.dll
- Size: 214KB
- MD5: 93019fcc850136eb59f7d69f5ed5ffab
- SHA1: 151fd8eb064990a761f93d586a4843da09e1ac29
- SHA256: 71d59378b01fd38a245411a2280096b77d078930e4e22ea51450171eb7fdf225
- SHA512: 30c0d18f0704ef5faf849f23c349bd11d0931a9209aff15527eafb6756c80cf4e19181ecf7264814804e13109e74a359b9db5a4a8b74758a45204a0b7aebf815
- SSDEEP: 6144:+Sephsv+uIquZQ0V+i2i+lBp3iiFasGMEMG/:muQ3rZSBp3iYalM2
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2096 wrote to memory of 2188 | 2096 | rundll32.exe | 28 |
| PID 2096 wrote to memory of 2188 | 2096 | rundll32.exe | 28 |
| PID 2096 wrote to memory of 2188 | 2096 | rundll32.exe | 28 |
| PID 2096 wrote to memory of 2188 | 2096 | rundll32.exe | 28 |
| PID 2096 wrote to memory of 2188 | 2096 | rundll32.exe | 28 |
| PID 2096 wrote to memory of 2188 | 2096 | rundll32.exe | 28 |
| PID 2096 wrote to memory of 2188 | 2096 | rundll32.exe | 28 |
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\71d59378b01fd38a245411a2280096b77d078930e4e22ea51450171eb7fdf225.dll,#1
  PID: 2096
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\71d59378b01fd38a245411a2280096b77d078930e4e22ea51450171eb7fdf225.dll,#1
    PID: 2188