Analysis
max time kernel: 122s
max time network: 133s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system
submitted: 12/10/2023, 02:09
Behavioral task behavioral1
Sample: 3f2e005c34710cd0a39b7c2b14296557ac9065d41e09893c072c258e0af02acd.dll
Resource: win7-20230831-en
Behavioral task behavioral2
Sample: 3f2e005c34710cd0a39b7c2b14296557ac9065d41e09893c072c258e0af02acd.dll
Resource: win10v2004-20230915-en
General
Target: 3f2e005c34710cd0a39b7c2b14296557ac9065d41e09893c072c258e0af02acd.dll
Size: 899KB
MD5: 43ef6ec10c322eed27d6c3a66cceaac2
SHA1: 5cb540d9938cde16fc7ba10017f70110137edee9
SHA256: 3f2e005c34710cd0a39b7c2b14296557ac9065d41e09893c072c258e0af02acd
SHA512: 883b5f0c0078851b81c044b64f02d3afc24f484e9aabb9a1bda2e49db52525cdb77dbb696070aa1ca481921c7cf3b71347cbf9fe2b9105172ba8a59b03ca4799
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXv:7wqd87Vv
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoC)
pid   Process
2308  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 1864 wrote to memory of 2308  1864  rundll32.exe  28
PID 1864 wrote to memory of 2308  1864  rundll32.exe  28
PID 1864 wrote to memory of 2308  1864  rundll32.exe  28
PID 1864 wrote to memory of 2308  1864  rundll32.exe  28
PID 1864 wrote to memory of 2308  1864  rundll32.exe  28
PID 1864 wrote to memory of 2308  1864  rundll32.exe  28
PID 1864 wrote to memory of 2308  1864  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f2e005c34710cd0a39b7c2b14296557ac9065d41e09893c072c258e0af02acd.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1864
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f2e005c34710cd0a39b7c2b14296557ac9065d41e09893c072c258e0af02acd.dll,#1
    Suspicious behavior: RenamesItself
    PID: 2308