Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 10/10/2023, 21:11
Behavioral task: behavioral1
- Sample: 072dde30e71e0aa68aefaf60885d0722ad90e05e0b6e2e113abc5b08b12a860a.dll
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: 072dde30e71e0aa68aefaf60885d0722ad90e05e0b6e2e113abc5b08b12a860a.dll
- Resource: win10v2004-20230915-en
General
- Target: 072dde30e71e0aa68aefaf60885d0722ad90e05e0b6e2e113abc5b08b12a860a.dll
- Size: 50KB
- MD5: 7820afb698ceb876f8600a86eae27961
- SHA1: d20d5fdb54ce83c3299ae10bc63be2007f2e86fd
- SHA256: 072dde30e71e0aa68aefaf60885d0722ad90e05e0b6e2e113abc5b08b12a860a
- SHA512: 51d69d8517487685d55cc813c38e1dcb72782b6c660c4e73bd50437bbdf13034cda5c30ebb92f70cb6c321d663c6cd64f3817f2602d9efe5d04ecb81edff25cf
- SSDEEP: 1536:WD1N4TeeWMWfPbp2WTrW9L3JPPgJ+o5sJYH:W5ReWjTrW9rNPgYomJYH
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoCs)
  pid | Process
  2304 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2344 wrote to memory of 2304 | 2344 | rundll32.exe | 27
  PID 2344 wrote to memory of 2304 | 2344 | rundll32.exe | 27
  PID 2344 wrote to memory of 2304 | 2344 | rundll32.exe | 27
  PID 2344 wrote to memory of 2304 | 2344 | rundll32.exe | 27
  PID 2344 wrote to memory of 2304 | 2344 | rundll32.exe | 27
  PID 2344 wrote to memory of 2304 | 2344 | rundll32.exe | 27
  PID 2344 wrote to memory of 2304 | 2344 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\072dde30e71e0aa68aefaf60885d0722ad90e05e0b6e2e113abc5b08b12a860a.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2344
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\072dde30e71e0aa68aefaf60885d0722ad90e05e0b6e2e113abc5b08b12a860a.dll,#12⤵
    - Suspicious behavior: RenamesItself
    PID:2304