Analysis
max time kernel
118s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted
28/12/2023, 23:26
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ffc54402079159b1c512739a73009bae.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
ffc54402079159b1c512739a73009bae.dll
Resource
win10v2004-20231215-en
1 signatures
150 seconds
General
Target
ffc54402079159b1c512739a73009bae.dll
Size
77KB
MD5
ffc54402079159b1c512739a73009bae
SHA1
63fa424d2cb75c29437a465ac2ae8471e43365dc
SHA256
e434a177ccbbea6e31655a567b4e80921a68cc023c769fb495a8f92eec76c51b
SHA512
f9d2592c12a14b8117d4e9f48508871964434fd0dcf8b5c2d376ae02f2d498a134db7e0f0e1e5b8b2e7eb0e4ae15dd3fa215c2cb59a38eebb69c418804b43970
SSDEEP
1536:BhmsNgmR8ofV0VQfMT/d00Zgk3D0VtqoucTc7q:BhJN8oCQwFvDMtqou4cu
Score
1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 1768 wrote to memory of 2392   1768  rundll32.exe  28
PID 1768 wrote to memory of 2392   1768  rundll32.exe  28
PID 1768 wrote to memory of 2392   1768  rundll32.exe  28
PID 1768 wrote to memory of 2392   1768  rundll32.exe  28
PID 1768 wrote to memory of 2392   1768  rundll32.exe  28
PID 1768 wrote to memory of 2392   1768  rundll32.exe  28
PID 1768 wrote to memory of 2392   1768  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffc54402079159b1c512739a73009bae.dll,#11
- Suspicious use of WriteProcessMemory
PID:1768
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ffc54402079159b1c512739a73009bae.dll,#12
PID:2392