Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
arch:x64 arch:x86 image:win7-20231020-en locale:en-us os:windows7-x64 system -
submitted
23/10/2023, 08:40
Behavioral task
behavioral1
Sample
482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll
Resource
win10v2004-20231020-en
General
-
Target
482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll
-
Size
51KB
-
MD5
cb83e0929ab0dc5a83f89691e260db83
-
SHA1
e2ea18fb4beacd86f3f541427030ca5aa90e373d
-
SHA256
482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720
-
SHA512
7c80743192e7aa8e087f2dca9c4e3415e7e474238822fa4621a31262aeca2edb5b5a87a251e57885f1217a1588553f446554db9c562b27480469f540d6607f69
-
SSDEEP
1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLtJYH5:1dWubF3n9S91BF3fboRJYH5
Malware Config
Signatures
-
Suspicious behavior: RenamesItself 1 IoCs
pid | Process
2292 | rundll32.exe
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2016 wrote to memory of 2292 | 2016 | rundll32.exe | 28
PID 2016 wrote to memory of 2292 | 2016 | rundll32.exe | 28
PID 2016 wrote to memory of 2292 | 2016 | rundll32.exe | 28
PID 2016 wrote to memory of 2292 | 2016 | rundll32.exe | 28
PID 2016 wrote to memory of 2292 | 2016 | rundll32.exe | 28
PID 2016 wrote to memory of 2292 | 2016 | rundll32.exe | 28
PID 2016 wrote to memory of 2292 | 2016 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2016 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\482bd9c4fc47e625fff7028e1c466b034619398b27f01b43e012fa390dd34720.dll,#12⤵
- Suspicious behavior: RenamesItself
PID:2292
-