Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 25/12/2023, 07:13

Behavioral task: behavioral1
Sample: 0deee029f319e90c1674a1f1f2f3effd.dll
Resource: win7-20231215-en
1 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 0deee029f319e90c1674a1f1f2f3effd.dll
Resource: win10v2004-20231215-en
2 signatures, 150 seconds

General
Target: 0deee029f319e90c1674a1f1f2f3effd.dll
Size: 60KB
MD5: 0deee029f319e90c1674a1f1f2f3effd
SHA1: 338a4bc617f23f02c632a399af426a0da3f09b63
SHA256: bd2981c606f836bdfb99e810bbc2175094e23f9febd2e15834f5649501dccffc
SHA512: 98688f4a8ce394696ca0b714d74c92be784b77c26a17d9b90551879f9d81d08a4dc2609f6bb153ec01a70c7b7d894f91da7186fcbe373bef989427b6a9c26828
SSDEEP: 1536:PSbdSCMSJq5bXgfKZMsC0MQUEN+EVM/QAU+1:6dhqpXpZMsCHaN+yE1

Score: 1/10

Malware Config

Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

description                        pid   Process       procid_target
PID 2472 wrote to memory of 2844   2472  rundll32.exe  14
PID 2472 wrote to memory of 2844   2472  rundll32.exe  14
PID 2472 wrote to memory of 2844   2472  rundll32.exe  14
PID 2472 wrote to memory of 2844   2472  rundll32.exe  14
PID 2472 wrote to memory of 2844   2472  rundll32.exe  14
PID 2472 wrote to memory of 2844   2472  rundll32.exe  14
PID 2472 wrote to memory of 2844   2472  rundll32.exe  14

Processes
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deee029f319e90c1674a1f1f2f3effd.dll,#11
  PID: 2844
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deee029f319e90c1674a1f1f2f3effd.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 2472