Analysis
- max time kernel: 117s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20230712-en
- resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
- submitted: 28/08/2023, 15:49
Behavioral task: behavioral1
- Sample: 748391082365ba773518c9020c49bda686624741dfd7f0ebc2265f406c0efa2c.dll
- Resource: win7-20230712-en
Behavioral task: behavioral2
- Sample: 748391082365ba773518c9020c49bda686624741dfd7f0ebc2265f406c0efa2c.dll
- Resource: win10v2004-20230703-en
General
- Target: 748391082365ba773518c9020c49bda686624741dfd7f0ebc2265f406c0efa2c.dll
- Size: 899KB
- MD5: f599507b1b6fd5b1af7ee16ccc390aac
- SHA1: 9e5f6f645996a60c528fd2314fd72852ae3c4191
- SHA256: 748391082365ba773518c9020c49bda686624741dfd7f0ebc2265f406c0efa2c
- SHA512: 77ade079f8263cac9479c68941c694b60b7f945e86b551db4e751f2591c0dda671b70c435296ad5a1f226c65f805d2e2830d8fa7e1a7f745c3a1b4a79159b997
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXU:7wqd87VU
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  2644  rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   Process       procid_target
  PID 2504 wrote to memory of 2644  2504  rundll32.exe  28
  PID 2504 wrote to memory of 2644  2504  rundll32.exe  28
  PID 2504 wrote to memory of 2644  2504  rundll32.exe  28
  PID 2504 wrote to memory of 2644  2504  rundll32.exe  28
  PID 2504 wrote to memory of 2644  2504  rundll32.exe  28
  PID 2504 wrote to memory of 2644  2504  rundll32.exe  28
  PID 2504 wrote to memory of 2644  2504  rundll32.exe  28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\748391082365ba773518c9020c49bda686624741dfd7f0ebc2265f406c0efa2c.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:2504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\748391082365ba773518c9020c49bda686624741dfd7f0ebc2265f406c0efa2c.dll,#12
  - Suspicious behavior: RenamesItself
  PID:2644