Analysis
- max time kernel: 120s
- max time network: 138s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25/12/2023, 20:13
Static task
static1
- 1 signatures
Behavioral task
behavioral1
- Sample: 3a9a121e775716aa222400c444d7c886.dll
- Resource: win7-20231215-en
- 1 signatures
- 150 seconds
Behavioral task
behavioral2
- Sample: 3a9a121e775716aa222400c444d7c886.dll
- Resource: win10v2004-20231215-en
- 2 signatures
- 150 seconds
General
- Target: 3a9a121e775716aa222400c444d7c886.dll
- Size: 84KB
- MD5: 3a9a121e775716aa222400c444d7c886
- SHA1: 82b32872c130bd82cb260cf96f793f3a7c5435b6
- SHA256: 57ba978c61b9f527c5f441256c5563734ba560f098b5b22b4fb2e5dec2b60383
- SHA512: 4645edf64366a43dbb3e5788aaf3c0225000f138b45161967959e7686566d93d145de4f930a21fecc5d68a8e5c141f71229be0f4cccadf520b6645b1b5fb3db9
- SSDEEP: 1536:MSaY+uEcUDS1d9+UbuMqJzQPiBfzSa7JEeT5EcwWMroLXPWG:L7+9hDafiMqJzQPCfm4JEeT5d4r3G
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2380 wrote to memory of 2452 | 2380 | rundll32.exe | 27
PID 2380 wrote to memory of 2452 | 2380 | rundll32.exe | 27
PID 2380 wrote to memory of 2452 | 2380 | rundll32.exe | 27
PID 2380 wrote to memory of 2452 | 2380 | rundll32.exe | 27
PID 2380 wrote to memory of 2452 | 2380 | rundll32.exe | 27
PID 2380 wrote to memory of 2452 | 2380 | rundll32.exe | 27
PID 2380 wrote to memory of 2452 | 2380 | rundll32.exe | 27
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a9a121e775716aa222400c444d7c886.dll,#1
  PID: 2380
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a9a121e775716aa222400c444d7c886.dll,#1
    PID: 2452