Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25/12/2023, 15:37
Static task: static1
Behavioral task: behavioral1
- Sample: 29d83b97489346cd1aee4df04b3bd13d.dll
- Resource: win7-20231215-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 29d83b97489346cd1aee4df04b3bd13d.dll
- Resource: win10v2004-20231215-en
- 1 signatures
- 150 seconds
General
- Target: 29d83b97489346cd1aee4df04b3bd13d.dll
- Size: 841KB
- MD5: 29d83b97489346cd1aee4df04b3bd13d
- SHA1: c827ac70a83003de93bddb745d7d26c5a492e5f5
- SHA256: 227d9442c49650f6166ca6ee1142f812885947537e02578da69bdf5f005ee412
- SHA512: 6de84ac2ea5ea8be27f3dc5862d4b278a7f26733c96ad4cf3c62722725ae168d66153ba177f3b64fd49c2de4ce3b2512b0e5f6c2e9e03d02470179142e754982
- SSDEEP: 12288:1fP9lqzCilr/vdp1ykGiKxBfZMQyE63b46Ipc3abDwf7a4JFtRsoy/:1fvNilr/1p1GbxB4I1wbJ1c
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2224 wrote to memory of 1288 | 2224 | rundll32.exe | 28
  PID 2224 wrote to memory of 1288 | 2224 | rundll32.exe | 28
  PID 2224 wrote to memory of 1288 | 2224 | rundll32.exe | 28
  PID 2224 wrote to memory of 1288 | 2224 | rundll32.exe | 28
  PID 2224 wrote to memory of 1288 | 2224 | rundll32.exe | 28
  PID 2224 wrote to memory of 1288 | 2224 | rundll32.exe | 28
  PID 2224 wrote to memory of 1288 | 2224 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d83b97489346cd1aee4df04b3bd13d.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2224
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d83b97489346cd1aee4df04b3bd13d.dll,#1
    PID: 1288