Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/12/2023, 23:34

General

  • Target

    071166cde5ad640d1a0e7bdc0455f1a5.dll

  • Size

    19KB

  • MD5

    071166cde5ad640d1a0e7bdc0455f1a5

  • SHA1

    cfdc39554dc6422873bccd1c535f033a6f8f8591

  • SHA256

    a95ea31f9bd21ef9ea116b1aaec7496d31db0f79cc722d0408b2a6121b2b4868

  • SHA512

    ab237c256f7cde159c770c8c66f92a444522226a8cc2131508dbf267bd36a5df6dc209b4a59eb6e7df2854587f9c4f3aa3ca6a0c5a994dc70c019ce5362ee9ae

  • SSDEEP

    384:eJJeUJFzFBGsCMAmbGxymkX6e2orip1ueM:ejhzF8sCMFCMp9Brs1pM

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 56 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\071166cde5ad640d1a0e7bdc0455f1a5.dll,#1
    • Blocklisted process makes network request
    • Suspicious behavior: EnumeratesProcesses
    PID:1944
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\071166cde5ad640d1a0e7bdc0455f1a5.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2400

Network

MITRE ATT&CK Matrix
