Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 121s
max time network: 125s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 12/10/2023, 21:44
Behavioral task: behavioral1
Sample: dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll
Resource: win10v2004-20230915-en
General
Target: dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll
Size: 899KB
MD5: b195df1ad2204444385469320f0d13e5
SHA1: 059be317543736718e7215dc1a62346b5d4ac0cb
SHA256: dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f
SHA512: c8fac1cc060c2defcad23b5c9da689419d1139f3dc69cfdb8a3ee2ecb3cd9fb90d92c70510aad106d9000adb1528b91b312a025bb3a604e48d6fc65aacf2f6d1
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PX2:7wqd87V2
Malware Config
Signatures

Suspicious behavior: RenamesItself (1 IoC)
pid   Process
2224  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description                     pid   Process       procid_target
PID 1600 wrote to memory of 2224  1600  rundll32.exe  28
PID 1600 wrote to memory of 2224  1600  rundll32.exe  28
PID 1600 wrote to memory of 2224  1600  rundll32.exe  28
PID 1600 wrote to memory of 2224  1600  rundll32.exe  28
PID 1600 wrote to memory of 2224  1600  rundll32.exe  28
PID 1600 wrote to memory of 2224  1600  rundll32.exe  28
PID 1600 wrote to memory of 2224  1600  rundll32.exe  28
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll,#1
   PID: 1600
   Signatures: Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 1600)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dfb777db0bc402620383ebd7c9ecb01ab07d3b4a1aad8185c8360beb04b25c9f.dll,#1
      PID: 2224
      Signatures: Suspicious behavior: RenamesItself