Analysis

max time kernel: 121s
max time network: 127s
platform: windows7_x64
resource: win7-20230712-en
resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
submitted: 24/08/2023, 02:20
Behavioral task: behavioral1
  Sample: e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8.dll
  Resource: win7-20230712-en

Behavioral task: behavioral2
  Sample: e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8.dll
  Resource: win10v2004-20230703-en
General

Target: e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8.dll
Size: 2.3MB
MD5: beb9818a70cd71a7bcd8018363d171b3
SHA1: 7d3c569ebd7b51f8e172cc859be30c20b7c160c9
SHA256: e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8
SHA512: 41aac54b2de5822bccd48e8aa7c22f1532caaf1e14a5403dcd8f7bb125f7d5e0743f812d71b9acb810c3e1f72c10a181333071c642e3e34f1e1f120afbc46446
SSDEEP: 24576:R+HKqQzIVAm7ABCK30SYjzomOsGZjCByf7I3VF8V5IUTpkXQEx+orO8m0vhi5Cb4:RgImU0QExpiWe0pEb2Kr
Malware Config

Signatures

Suspicious use of SetWindowsHookEx (1 IoC)
  pid   Process
  1756  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process       procid_target
  PID 2412 wrote to memory of 1756   2412  rundll32.exe  30
  (this same event is reported 7 times, one entry per IoC)
Processes

C:\Windows\system32\rundll32.exe (PID 2412)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  Child process:
    C:\Windows\SysWOW64\rundll32.exe (PID 1756)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e98c4838e54ef864a67ea9a1e270dbd82ca3ce6bd87ed046e9458d942a62e5e8.dll,#1
      Signatures: Suspicious use of SetWindowsHookEx