Analysis
- max time kernel: 119s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
- submitted: 16/11/2023, 19:45
Behavioral task: behavioral1
- Sample: d1fd07de86be7f5e1e5f55b0a5758b04c205dac938858449079ffb1831fc388e.dll
- Resource: win7-20231023-en
Behavioral task: behavioral2
- Sample: d1fd07de86be7f5e1e5f55b0a5758b04c205dac938858449079ffb1831fc388e.dll
- Resource: win10v2004-20231020-en
General
- Target: d1fd07de86be7f5e1e5f55b0a5758b04c205dac938858449079ffb1831fc388e.dll
- Size: 899KB
- MD5: 323cb9dbd7e9965e977c6a032f94075d
- SHA1: c242ddc6292789ab9972a05a8ff01ddf5764abec
- SHA256: d1fd07de86be7f5e1e5f55b0a5758b04c205dac938858449079ffb1831fc388e
- SHA512: 3221d31f173f4dd9c9eb50587e8c3673e57ecb212514b609953105a14e7959daddaafaeef98f1a3e7c9067f66472741ba588895ce3566273342a643f78c66c42
- SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXJ:7wqd87VJ
Malware Config
Signatures
- Suspicious behavior: RenamesItself (1 IoC)
  pid  | Process
  1464 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                      | pid  | Process      | procid_target
  PID 1888 wrote to memory of 1464 | 1888 | rundll32.exe | 28
  PID 1888 wrote to memory of 1464 | 1888 | rundll32.exe | 28
  PID 1888 wrote to memory of 1464 | 1888 | rundll32.exe | 28
  PID 1888 wrote to memory of 1464 | 1888 | rundll32.exe | 28
  PID 1888 wrote to memory of 1464 | 1888 | rundll32.exe | 28
  PID 1888 wrote to memory of 1464 | 1888 | rundll32.exe | 28
  PID 1888 wrote to memory of 1464 | 1888 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1fd07de86be7f5e1e5f55b0a5758b04c205dac938858449079ffb1831fc388e.dll,#1
  PID: 1888
  signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d1fd07de86be7f5e1e5f55b0a5758b04c205dac938858449079ffb1831fc388e.dll,#1
    PID: 1464
    signatures: Suspicious behavior: RenamesItself