Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 01/08/2023, 07:08
Static task: static1
Behavioral task: behavioral1
  Sample: b3ed66ba48c9e937662c419e8bb7c0ff2db5cabaa0a9ce3b00643987487ec21d.dll
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: b3ed66ba48c9e937662c419e8bb7c0ff2db5cabaa0a9ce3b00643987487ec21d.dll
  Resource: win10v2004-20230703-en
General
Target: b3ed66ba48c9e937662c419e8bb7c0ff2db5cabaa0a9ce3b00643987487ec21d.dll
Size: 1.3MB
MD5: 96ee10c0e20467cf3ac8f10e64e75b7d
SHA1: 8d0874fb399c084c029e321f6c8c9bbe30d17caf
SHA256: b3ed66ba48c9e937662c419e8bb7c0ff2db5cabaa0a9ce3b00643987487ec21d
SHA512: 115575fa6acc81849bbc0fa72ece4f65d2eaf4186b59a32f53f90555ed9e831339259bb664cf5a04522262b8fb0d2425c020459b488b66e986fecbd976f1f520
SSDEEP: 24576:KTXSjZ4h7POKX1UshOrD5CWQ70BN8uum94+BHL3P9:KTXSqh7mdsI3ozug+ZDP9
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2792 wrote to memory of 3024 | 2792 | rundll32.exe | 28
PID 2792 wrote to memory of 3024 | 2792 | rundll32.exe | 28
PID 2792 wrote to memory of 3024 | 2792 | rundll32.exe | 28
PID 2792 wrote to memory of 3024 | 2792 | rundll32.exe | 28
PID 2792 wrote to memory of 3024 | 2792 | rundll32.exe | 28
PID 2792 wrote to memory of 3024 | 2792 | rundll32.exe | 28
PID 2792 wrote to memory of 3024 | 2792 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3ed66ba48c9e937662c419e8bb7c0ff2db5cabaa0a9ce3b00643987487ec21d.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:2792
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3ed66ba48c9e937662c419e8bb7c0ff2db5cabaa0a9ce3b00643987487ec21d.dll,#12
  PID:3024