Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    05/11/2023, 12:43

General

  • Target

    f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36.dll

  • Size

    51KB

  • MD5

    95ca01135c5d53e3be3cedd27a8ffbaa

  • SHA1

    5f05abced95a90b94c6c944b27096e2d1798b763

  • SHA256

    f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36

  • SHA512

    66bdf1f6cbdd7f85b929c259bed742a52670ef71b7155f1653876e08a1437b7eacb1c762bb047535de4ccd34dbf85630edce00c577a1b8789e7282f7cfb57629

  • SSDEEP

    768:3Er7XR1M6t6FikUE58ozVOB+6QcXn0cE5Y18BtrEZJjuSkwFOBezfsAMC6Hh4:3EXXM2HEhzVWKtrEZFxFOBkpMC6H

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1712
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\f54cbb970ee24566e0a495b69477dc1d814d343847c1433abfc9ed279d282c36.dll,#1
      2⤵
      • Suspicious behavior: RenamesItself
      PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads