Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 26/12/2023, 06:40
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: 5a3cf599c82e008bffb278be8f57e60d.dll
Resource: win7-20231215-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: 5a3cf599c82e008bffb278be8f57e60d.dll
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 5a3cf599c82e008bffb278be8f57e60d.dll
Size: 499KB
MD5: 5a3cf599c82e008bffb278be8f57e60d
SHA1: 1d858affecac71a1dafba51b36ded6ea01740da9
SHA256: 8bfea74dc688cb38671870f56e510a08f43c8d1b56e3dc8e373fce93d207554c
SHA512: 490ba2ee1bf6837907494f27992416e4e35af3692ed3020a94072fe58dedaa70e6e085b20f4187f6ece847fd87841003a2bec3b116f1a65b8183d38587894fae
SSDEEP: 12288:dmgmyLCYuH975s/wpzeyYJptYdXUsVb+L:sgmLNeTbv
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1716 wrote to memory of 2516 | 1716 | rundll32.exe | 28 |
| PID 1716 wrote to memory of 2516 | 1716 | rundll32.exe | 28 |
| PID 1716 wrote to memory of 2516 | 1716 | rundll32.exe | 28 |
| PID 1716 wrote to memory of 2516 | 1716 | rundll32.exe | 28 |
| PID 1716 wrote to memory of 2516 | 1716 | rundll32.exe | 28 |
| PID 1716 wrote to memory of 2516 | 1716 | rundll32.exe | 28 |
| PID 1716 wrote to memory of 2516 | 1716 | rundll32.exe | 28 |
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a3cf599c82e008bffb278be8f57e60d.dll,#1
  PID: 1716
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a3cf599c82e008bffb278be8f57e60d.dll,#1
    PID: 2516