Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 118s
max time network: 122s
platform: windows7_x64
resource: win7-20230824-en
resource tags: arch:x64, arch:x86, image:win7-20230824-en, locale:en-us, os:windows7-x64, system
submitted: 28/08/2023, 01:16
Behavioral task: behavioral1
Sample: ce82167a62863a3a9e2cf1c2ae19ea0ffe136ecddeda731e3861150d2a4df0b5.dll
Resource: win7-20230824-en

Behavioral task: behavioral2
Sample: ce82167a62863a3a9e2cf1c2ae19ea0ffe136ecddeda731e3861150d2a4df0b5.dll
Resource: win10v2004-20230703-en
General
Target: ce82167a62863a3a9e2cf1c2ae19ea0ffe136ecddeda731e3861150d2a4df0b5.dll
Size: 899KB
MD5: 717951394f5964e99e66b30271c45e0a
SHA1: ee4502e25718d6e6837ad4fa64591ef46b90282d
SHA256: ce82167a62863a3a9e2cf1c2ae19ea0ffe136ecddeda731e3861150d2a4df0b5
SHA512: 2db6f3bb0cfceb39b0d0e2ae2a285e46e75bf4aa07f48b4941984911bfadda0716b4ed0ffdf109cca1ab81805d688193124ad3d5a14a9e9daf7630893fce140d
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXJ:7wqd87VJ
Malware Config
Signatures

Suspicious behavior: RenamesItself (1 IoC)
pid   Process
3024  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 3008 wrote to memory of 3024   3008  rundll32.exe  28
PID 3008 wrote to memory of 3024   3008  rundll32.exe  28
PID 3008 wrote to memory of 3024   3008  rundll32.exe  28
PID 3008 wrote to memory of 3024   3008  rundll32.exe  28
PID 3008 wrote to memory of 3024   3008  rundll32.exe  28
PID 3008 wrote to memory of 3024   3008  rundll32.exe  28
PID 3008 wrote to memory of 3024   3008  rundll32.exe  28
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce82167a62863a3a9e2cf1c2ae19ea0ffe136ecddeda731e3861150d2a4df0b5.dll,#1
   PID: 3008
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 3008)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce82167a62863a3a9e2cf1c2ae19ea0ffe136ecddeda731e3861150d2a4df0b5.dll,#1
      PID: 3024
      Signatures: Suspicious behavior: RenamesItself