Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 21/09/2023, 20:27
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d.dll
  - Resource: win7-20230831-en

Behavioral task
- behavioral2
  - Sample: 1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d.dll
  - Resource: win10v2004-20230915-en
General
- Target: 1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d.dll
- Size: 2.1MB
- MD5: bda1dc1f1131d3644352b697bac4b68f
- SHA1: 8acf49f9a2c323e88e110de9ec2e554bc268a336
- SHA256: 1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d
- SHA512: 5fe12599ca09221bebc7a41d2e24f1ffb3628b4fc74bbcbf202740eb64ec7b57fe8e9b71ebd29cbfc1bbdea04690c8426887f0731ed4a9deadbed1f578567c43
- SSDEEP: 49152:vcz84Bom/mJoQAXJmhmEfZOkNPSTqctjRTDpJMMx:k7Wm/eMcnPSTqsL5x
Malware Config
- (none extracted)

Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2196 wrote to memory of 2808 | 2196 | rundll32.exe | 28
  PID 2196 wrote to memory of 2808 | 2196 | rundll32.exe | 28
  PID 2196 wrote to memory of 2808 | 2196 | rundll32.exe | 28
  PID 2196 wrote to memory of 2808 | 2196 | rundll32.exe | 28
  PID 2196 wrote to memory of 2808 | 2196 | rundll32.exe | 28
  PID 2196 wrote to memory of 2808 | 2196 | rundll32.exe | 28
  PID 2196 wrote to memory of 2808 | 2196 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe (PID 2196)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d.dll,#1
  - Suspicious use of WriteProcessMemory
  - Child: C:\Windows\SysWOW64\rundll32.exe (PID 2808)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1baf03f4966dec55d25a609e73ca7a1bda8ba60a3859877a0669e899abc53d6d.dll,#1