Analysis
- max time kernel: 121s
- max time network: 129s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 28/08/2023, 12:54
Behavioral task: behavioral1
- Sample: 7533b256eb6e33143526868f4c94309a4893eff5c95a1325bc4b63ab2ae5a8b2.dll
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 7533b256eb6e33143526868f4c94309a4893eff5c95a1325bc4b63ab2ae5a8b2.dll
- Resource: win10v2004-20230824-en
General
- Target: 7533b256eb6e33143526868f4c94309a4893eff5c95a1325bc4b63ab2ae5a8b2.dll
- Size: 899KB
- MD5: ced017992cba7aa4e32b81c7280c9d4e
- SHA1: f001615e8dca922febcd3dc7a77aa247ff4891e1
- SHA256: 7533b256eb6e33143526868f4c94309a4893eff5c95a1325bc4b63ab2ae5a8b2
- SHA512: 0633debacba3c91f53be4054f0ec444897ebdeadac3682d9c9158b9816ec5d1e412c534f222602a9f2595e5bf478caf7b943a3390f0ea6cf0d576ddd0f4be829
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXz:7wqd87Vz
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoC)
  pid: 2100, Process: rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 2384 wrote to memory of 2100 | pid: 2384 | Process: rundll32.exe | procid_target: 28
  (the same row is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7533b256eb6e33143526868f4c94309a4893eff5c95a1325bc4b63ab2ae5a8b2.dll,#1
  PID: 2384
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7533b256eb6e33143526868f4c94309a4893eff5c95a1325bc4b63ab2ae5a8b2.dll,#1
    PID: 2100
    - Suspicious behavior: RenamesItself