Analysis
max time kernel: 122s
max time network: 128s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 28/12/2023, 11:47
Behavioral task: behavioral1
Sample: dca564f509a3aa5a7f748f67607c6854.dll
Resource: win7-20231215-en
1 signatures
150 seconds
Behavioral task: behavioral2
Sample: dca564f509a3aa5a7f748f67607c6854.dll
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: dca564f509a3aa5a7f748f67607c6854.dll
Size: 48KB
MD5: dca564f509a3aa5a7f748f67607c6854
SHA1: 2392b9b77dc5716a3b5977b558b3edbbda99f715
SHA256: b8eb9d67513a1202a469b706ca34fcb509f17bbf51894e210fb5a073ba34c21c
SHA512: 527ed0f875be78ee0cbd545d1e3c88a78a445a2bfe87bcc5026b4455256537c046505db8f9be4bb6b71b0b20069872d4b021ba01b9ba335064d02485bdf3a06a
SSDEEP: 768:BR7dOahyoHokBtqN74W7bZZmYb9PyzcjRlYlwa6NVdkPnJJMIEV:8aAoHoc2x7bZoYBAcQlwJdMo
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 3028 wrote to memory of 1756 | 3028 | rundll32.exe | 28
PID 3028 wrote to memory of 1756 | 3028 | rundll32.exe | 28
PID 3028 wrote to memory of 1756 | 3028 | rundll32.exe | 28
PID 3028 wrote to memory of 1756 | 3028 | rundll32.exe | 28
PID 3028 wrote to memory of 1756 | 3028 | rundll32.exe | 28
PID 3028 wrote to memory of 1756 | 3028 | rundll32.exe | 28
PID 3028 wrote to memory of 1756 | 3028 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dca564f509a3aa5a7f748f67607c6854.dll,#1
  PID: 3028
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\dca564f509a3aa5a7f748f67607c6854.dll,#1
    PID: 1756