Analysis
- max time kernel: 121s
- max time network: 125s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 26/12/2023, 11:28
Static task: static1

Behavioral task: behavioral1
- Sample: 6acacd37d3e41c3b1779c9bb1a98f92c.dll
- Resource: win7-20231215-en
- 1 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 6acacd37d3e41c3b1779c9bb1a98f92c.dll
- Resource: win10v2004-20231222-en
- 0 signatures
- 150 seconds
General
- Target: 6acacd37d3e41c3b1779c9bb1a98f92c.dll
- Size: 45KB
- MD5: 6acacd37d3e41c3b1779c9bb1a98f92c
- SHA1: d95aeb3c4e6f9ded906aea54bb51a1e68391e89f
- SHA256: 42b50147461f1b8289cab7ba980dec9c4373d49216b0c1c23147fd53fe99316a
- SHA512: 3403bf7ac9c26432a86ad7d61d7a3148e15b10cfedc34d4ef1f15f269327217b8c6cb93243b8734d28e220af7e6afe9824549bd5fac737847fa3e537d85fdfa3
- SSDEEP: 768:KBtbBae/qB46qsmyhTjm+Y3A3v45xWbktQjMWAOj3sVsaHOIu6mgwt+TKAjHslKW:KnkepumyhRAv5xptQjMGrcHOIuFku7
Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2076 wrote to memory of 1180 | 2076 | rundll32.exe | 28 |
| PID 2076 wrote to memory of 1180 | 2076 | rundll32.exe | 28 |
| PID 2076 wrote to memory of 1180 | 2076 | rundll32.exe | 28 |
| PID 2076 wrote to memory of 1180 | 2076 | rundll32.exe | 28 |
| PID 2076 wrote to memory of 1180 | 2076 | rundll32.exe | 28 |
| PID 2076 wrote to memory of 1180 | 2076 | rundll32.exe | 28 |
| PID 2076 wrote to memory of 1180 | 2076 | rundll32.exe | 28 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6acacd37d3e41c3b1779c9bb1a98f92c.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 2076
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6acacd37d3e41c3b1779c9bb1a98f92c.dll,#12
    PID: 1180