Analysis
- max time kernel: 121s
- max time network: 133s
- platform: windows7_x64
- resource: win7-20231025-en
- resource tags: arch:x64, arch:x86, image:win7-20231025-en, locale:en-us, os:windows7-x64, system
- submitted: 15/11/2023, 11:59
Static task: static1
Behavioral task: behavioral1
- Sample: b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6.dll
- Resource: win7-20231025-en
Behavioral task: behavioral2
- Sample: b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6.dll
- Resource: win10v2004-20231025-en
General
- Target: b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6.dll
- Size: 121KB
- MD5: c7d307d036f1129636bed49dcfaa444c
- SHA1: 632c83fd329fe80e6aac51c17e74de348ef62dc4
- SHA256: b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6
- SHA512: 0bd429b54bf8e91f738c1b05497449c9d8c3babc84211d473635242ce407f4901f225c5c662ecc7e114cb26ad124fcfdd487eae78228d93bb6e481aac8a39b09
- SSDEEP: 1536:7bFoFiH24cMPFviOEN85zGhu9Q25SlBToCXnNR:7beFidca0N81pCZToin7
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1676 wrote to memory of 1816 | 1676 | rundll32.exe | 28
  PID 1676 wrote to memory of 1816 | 1676 | rundll32.exe | 28
  PID 1676 wrote to memory of 1816 | 1676 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7a056988bfc790518306cd87af5a7b3fa9a75b68aaed1b4a86ae4cd2bc674f6.dll,#1
  PID: 1676
  Signature: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe
    Command line: C:\Windows\system32\WerFault.exe -u -p 1676 -s 108
    PID: 1816