Analysis
max time kernel: 117s
max time network: 120s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 21/08/2023, 23:35

Static task: static1

Behavioral task: behavioral1
Sample: 500644d1c13d0f27d6332eb6abbb6bf6cf1d327c4a093edb1d53473bf59b366e.dll
Resource: win7-20230712-en

Behavioral task: behavioral2
Sample: 500644d1c13d0f27d6332eb6abbb6bf6cf1d327c4a093edb1d53473bf59b366e.dll
Resource: win10v2004-20230703-en

General
Target: 500644d1c13d0f27d6332eb6abbb6bf6cf1d327c4a093edb1d53473bf59b366e.dll
Size: 24KB
MD5: 79e4057940c12a68b51e86038bf76814
SHA1: e4d4359793bcd0b647577b46642d3ca8132e8ba2
SHA256: 500644d1c13d0f27d6332eb6abbb6bf6cf1d327c4a093edb1d53473bf59b366e
SHA512: 52ead9820b37764e752fd197b189402b4301f5df9635a6f4109074f4459797bfe0b58a415c086a644c50389a933c7c48740a762746dc998363b8234e6c70f193
SSDEEP: 384:/cG6fu3gFvqxmdOWuoDUdIiMomgNmtfSC3sBHatKse9hPK:/cGYuQtqYDuoDUdTmphcHaMJPy

Malware Config

Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                       pid   Process       procid_target
PID 2052 wrote to memory of 1744  2052  rundll32.exe  28
PID 2052 wrote to memory of 1744  2052  rundll32.exe  28
PID 2052 wrote to memory of 1744  2052  rundll32.exe  28
PID 2052 wrote to memory of 1744  2052  rundll32.exe  28
PID 2052 wrote to memory of 1744  2052  rundll32.exe  28
PID 2052 wrote to memory of 1744  2052  rundll32.exe  28
PID 2052 wrote to memory of 1744  2052  rundll32.exe  28

Processes
1  C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\500644d1c13d0f27d6332eb6abbb6bf6cf1d327c4a093edb1d53473bf59b366e.dll,#1
   PID: 2052
   Suspicious use of WriteProcessMemory
   2  C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\500644d1c13d0f27d6332eb6abbb6bf6cf1d327c4a093edb1d53473bf59b366e.dll,#1
      PID: 1744