Analysis
- max time kernel: 118s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 29/12/2023, 22:57
Static task
- static1
  1 signatures

Behavioral task
- behavioral1
  Sample: 064acb0f7e29378d3cedbb787e8024eb.dll
  Resource: win7-20231215-en
  3 signatures, 150 seconds

Behavioral task
- behavioral2
  Sample: 064acb0f7e29378d3cedbb787e8024eb.dll
  Resource: win10v2004-20231215-en
  3 signatures, 150 seconds
General
- Target: 064acb0f7e29378d3cedbb787e8024eb.dll
- Size: 4KB
- MD5: 064acb0f7e29378d3cedbb787e8024eb
- SHA1: 8393a8e40a410088e0d1234cc9b67b0bd71a1365
- SHA256: 67a88f48876950bfb2354a4f6d675e9a9755d8b5d5b3a8179bc55a1e7a2c2677
- SHA512: e2f9dfe35ddef822482a110cf0e56368b1e9461def3c85d42cd7cc10897558ec5f3469034e9ebe9b2b0d2c15de43ade4dd2ea37eabf42ff91d4dc33c17d61d36
- SSDEEP: 96:WPgNpNSn6ki3Rw878ttkM3lzTXA2KupGjjlkgcwQwTKpDC:WYk61RJmSWlzTZpGXlkgUwuw
- Score: 1/10
Malware Config

Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  1948  rundll32.exe
  1948  rundll32.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  1948  rundll32.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid   Process       procid_target
  PID 2488 wrote to memory of 1948   2488  rundll32.exe  28
  PID 2488 wrote to memory of 1948   2488  rundll32.exe  28
  PID 2488 wrote to memory of 1948   2488  rundll32.exe  28
  PID 2488 wrote to memory of 1948   2488  rundll32.exe  28
  PID 2488 wrote to memory of 1948   2488  rundll32.exe  28
  PID 2488 wrote to memory of 1948   2488  rundll32.exe  28
  PID 2488 wrote to memory of 1948   2488  rundll32.exe  28
  PID 1948 wrote to memory of 1272   1948  rundll32.exe  16
Processes
- C:\Windows\Explorer.EXE (PID:1272)
  Command line: C:\Windows\Explorer.EXE
  - C:\Windows\system32\rundll32.exe (PID:2488)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\064acb0f7e29378d3cedbb787e8024eb.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\rundll32.exe (PID:1948)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\064acb0f7e29378d3cedbb787e8024eb.dll,#1
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of WriteProcessMemory