Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 05:53
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 581c9c4e26c57db9b9ae25aae771416e.dll
Resource: win7-20231129-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 581c9c4e26c57db9b9ae25aae771416e.dll
Resource: win10v2004-20231222-en
1 signatures
150 seconds
General
Target: 581c9c4e26c57db9b9ae25aae771416e.dll
Size: 83KB
MD5: 581c9c4e26c57db9b9ae25aae771416e
SHA1: 402603381cf091ec933316cd233418a84c5cc78b
SHA256: dd48f150c55c3b09677bb4dfbc09f7535c9830141c914e11b675445ee8c90004
SHA512: 7402e7579a205ae2df920dbe49869d7bc36a39c8e95ead14681621f3eb09ed07aa2df504addfd39d76df0820612fcf5e60d71052395af8361f034b4c56f43c66
SSDEEP: 1536:Dv9FvxpmEyYVQixN60KC3aG6ktt2rXGRQTS6vjx433Q7WDSz:DvFgrG60KCKG6wtW0+ko
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2872 wrote to memory of 880 | 2872 | rundll32.exe | 20 |
| PID 2872 wrote to memory of 880 | 2872 | rundll32.exe | 20 |
| PID 2872 wrote to memory of 880 | 2872 | rundll32.exe | 20 |
| PID 2872 wrote to memory of 880 | 2872 | rundll32.exe | 20 |
| PID 2872 wrote to memory of 880 | 2872 | rundll32.exe | 20 |
| PID 2872 wrote to memory of 880 | 2872 | rundll32.exe | 20 |
| PID 2872 wrote to memory of 880 | 2872 | rundll32.exe | 20 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\581c9c4e26c57db9b9ae25aae771416e.dll,#1
  PID: 2872
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\581c9c4e26c57db9b9ae25aae771416e.dll,#1
    PID: 880