Analysis
- max time kernel: 121s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 23/08/2023, 21:13
Static task
- static1
Behavioral task
- behavioral1
  Sample: fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b.dll
  Resource: win7-20230712-en
Behavioral task
- behavioral2
  Sample: fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b.dll
  Resource: win10v2004-20230703-en
General
- Target: fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b.dll
- Size: 785KB
- MD5: a6316108058a5ec96eb2e470606dffe4
- SHA1: b2fc9e82c363468d4d0c3855b4d98637ea7bdbae
- SHA256: fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b
- SHA512: c5f70c77b8c87a5c1fdb325523ab8d9129f8bd353d4e7536b559b93dc2875bbda415ca92dc0accf833eaf1a5baada1f236b19d0b3a7b893fd7179f509fe11fbb
- SSDEEP: 12288:agmNNMTluM7lS5sD+FhxrdDkYxdgojNR2OwsfJb8g6PR:aRQgGlcsKPBDkZoj3PJb8x5
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  2492 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2464 wrote to memory of 2492 | 2464 | rundll32.exe | 28
  PID 2464 wrote to memory of 2492 | 2464 | rundll32.exe | 28
  PID 2464 wrote to memory of 2492 | 2464 | rundll32.exe | 28
  PID 2464 wrote to memory of 2492 | 2464 | rundll32.exe | 28
  PID 2464 wrote to memory of 2492 | 2464 | rundll32.exe | 28
  PID 2464 wrote to memory of 2492 | 2464 | rundll32.exe | 28
  PID 2464 wrote to memory of 2492 | 2464 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b.dll,#1
  PID: 2464
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe2f5844ebfb623950e4560d952c883bc81ae9ff0b83ade9c1e347acbe33a92b.dll,#1
    PID: 2492
    Signature: Suspicious use of SetWindowsHookEx