Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 29/12/2023, 21:02
Static task
static1: 1 signatures

Behavioral task
behavioral1: Sample 03e9de3a0af54e619514051d8c685dab.dll, Resource win7-20231215-en, 1 signatures, 150 seconds

Behavioral task
behavioral2: Sample 03e9de3a0af54e619514051d8c685dab.dll, Resource win10v2004-20231222-en, 3 signatures, 150 seconds
General
Target: 03e9de3a0af54e619514051d8c685dab.dll
Size: 69KB
MD5: 03e9de3a0af54e619514051d8c685dab
SHA1: 2d74740cf8648b92fa3c2b2ec218b327c92e1f43
SHA256: 706c11b3cbc32edd0a7d968ad9761f3f5eee9fa61744175ef1c697c81f076f6b
SHA512: 94f9f4cb53db51433d5a58773530330b025afb0f5ea61d328f865992d0ba0cf66f198882850fa30de5dc53a68cf45ae373b20a049f9b71123d9033bdea1a2a33
SSDEEP: 1536:nYwJaZy+OgCTNBUmLQXc3mSeE/FNTFiSm+KoozOpnoKujAfWbeAyR2FV9Qhd52NW:vFQM3mSvFiSczwno/jsWG2FVOh72Nct9
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1428 wrote to memory of 2104 | 1428 | rundll32.exe | 28
PID 1428 wrote to memory of 2104 | 1428 | rundll32.exe | 28
PID 1428 wrote to memory of 2104 | 1428 | rundll32.exe | 28
PID 1428 wrote to memory of 2104 | 1428 | rundll32.exe | 28
PID 1428 wrote to memory of 2104 | 1428 | rundll32.exe | 28
PID 1428 wrote to memory of 2104 | 1428 | rundll32.exe | 28
PID 1428 wrote to memory of 2104 | 1428 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03e9de3a0af54e619514051d8c685dab.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1428
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\03e9de3a0af54e619514051d8c685dab.dll,#1
    PID: 2104