Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system -
submitted
16/10/2023, 13:33
Static task
static1
Behavioral task
behavioral1
Sample
30ce47e06937b276aab7bd35e65678d64305066584aefe9150374a9f5d9dca84.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
30ce47e06937b276aab7bd35e65678d64305066584aefe9150374a9f5d9dca84.dll
Resource
win10v2004-20230915-en
General
-
Target
30ce47e06937b276aab7bd35e65678d64305066584aefe9150374a9f5d9dca84.dll
-
Size
1.2MB
-
MD5
0b055670f32be7d0fd7ca9d49d57a1c9
-
SHA1
c005ebfa3337f9d6931df2070a84576a0ca45713
-
SHA256
30ce47e06937b276aab7bd35e65678d64305066584aefe9150374a9f5d9dca84
-
SHA512
d10d1bb4ba7d6ef164ceb567cb6ccd825d95f688c58b693d16748f3f845d7ded275e593c15ceca1081a154e25a70ea10000bbbee18f62b66a013fc6dc5eae1d6
-
SSDEEP
24576:UDcEKh1b+t2rVumJqHhWdgGzjNwT2t/OMgy/IgokjpkVb404EyIaNedj:EmdjJqWgMjEOQVVsMyIaEj
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2972 wrote to memory of 1236 2972 rundll32.exe 28 PID 2972 wrote to memory of 1236 2972 rundll32.exe 28 PID 2972 wrote to memory of 1236 2972 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\30ce47e06937b276aab7bd35e65678d64305066584aefe9150374a9f5d9dca84.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2972 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2972 -s 842⤵PID:1236
-