Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 24/12/2023, 22:48
Static task
static1

Behavioral task
behavioral1
Sample: 16f0f4b20a9b48165bfb57cc3d5973e2.dll
Resource: win7-20231215-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 16f0f4b20a9b48165bfb57cc3d5973e2.dll
Resource: win10v2004-20231215-en
0 signatures
150 seconds
General
Target: 16f0f4b20a9b48165bfb57cc3d5973e2.dll
Size: 840KB
MD5: 16f0f4b20a9b48165bfb57cc3d5973e2
SHA1: 4f3232a4422991338fb521563f4c4e7be3281e3e
SHA256: 5e6c74f37146b589966735a18e200c0702ab8d2468f28bf188b0a183c8066018
SHA512: 7067e85a64d7954a15a82cecadb6fa78b8873cfc77bdadcf940a950a86b523a78aff1e834d0334516d79a814c39ff3886232dfaf324c4e9fee8cb00bf0b35e11
SSDEEP: 24576:oXUo20fmE6UOlXWN2jQWmNEkfzpqder58Xwkvt+q:0UoJfmEZOlXWo9gfzEQ8Xwdq
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                       pid   Process       procid_target
PID 1192 wrote to memory of 2500  1192  rundll32.exe  16
PID 1192 wrote to memory of 2500  1192  rundll32.exe  16
PID 1192 wrote to memory of 2500  1192  rundll32.exe  16
PID 1192 wrote to memory of 2500  1192  rundll32.exe  16
PID 1192 wrote to memory of 2500  1192  rundll32.exe  16
PID 1192 wrote to memory of 2500  1192  rundll32.exe  16
PID 1192 wrote to memory of 2500  1192  rundll32.exe  16
Processes
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\16f0f4b20a9b48165bfb57cc3d5973e2.dll,#1
  PID: 2500
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\16f0f4b20a9b48165bfb57cc3d5973e2.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1192