Analysis
max time kernel: 118s
max time network: 123s
platform: windows7_x64
resource: win7-20230831-en
resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
submitted: 15/10/2023, 15:05
Static task: static1

Behavioral task: behavioral1
Sample: b01b8194290fecdf7481b859ec38a3a0_dll32_JC.dll
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: b01b8194290fecdf7481b859ec38a3a0_dll32_JC.dll
Resource: win10v2004-20230915-en
General
Target: b01b8194290fecdf7481b859ec38a3a0_dll32_JC.dll
Size: 14KB
MD5: b01b8194290fecdf7481b859ec38a3a0
SHA1: 0036780e105b0e2831b5f5536dcefff104627278
SHA256: 6ec3c37180a493f8f0acdd004addb3bc106f11292617122c319d5ea6b7d3784c
SHA512: 1d06797e3106d2f6c11d337e86656eb0f99857662a90d765d9967793978af89c35ce5bea21c28ba8e5730e201df1efeb31e4b357d9467962e2756c3f4fb13be5
SSDEEP: 192:nOsSMaQDi4du+RfSgWJCJ9VprGyk5vi4m7VccEHoVt8L9d9CAT3X7jGR0It2:nOVak+RoCJHwf1mxccEHT9CCLjGWIt2
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                           pid   Process       procid_target
PID 2224 wrote to memory of 3004      2224  rundll32.exe  28
PID 2224 wrote to memory of 3004      2224  rundll32.exe  28
PID 2224 wrote to memory of 3004      2224  rundll32.exe  28
PID 2224 wrote to memory of 3004      2224  rundll32.exe  28
PID 2224 wrote to memory of 3004      2224  rundll32.exe  28
PID 2224 wrote to memory of 3004      2224  rundll32.exe  28
PID 2224 wrote to memory of 3004      2224  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b8194290fecdf7481b859ec38a3a0_dll32_JC.dll,#1
  PID: 2224
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b8194290fecdf7481b859ec38a3a0_dll32_JC.dll,#1
    PID: 3004