Analysis
- max time kernel: 118s
- max time network: 144s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 02:58
Static task: static1
- 1 signatures
Behavioral task: behavioral1
- Sample: 0c548c7f2e1ababefefeaa43a3980d2d.dll
- Resource: win7-20231215-en
- 1 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 0c548c7f2e1ababefefeaa43a3980d2d.dll
- Resource: win10v2004-20231222-en
- 1 signatures
- 150 seconds
General
- Target: 0c548c7f2e1ababefefeaa43a3980d2d.dll
- Size: 248KB
- MD5: 0c548c7f2e1ababefefeaa43a3980d2d
- SHA1: b01ee1c7e9d429acbe3e99cf45d649b164a87115
- SHA256: 9956422b6d13e04edc980e7e046c25939521b86f980520d115283c8716fad10c
- SHA512: fcb0b9958fa7b85976f6f985fe2ddd7bc830ca0027a580498a53f671750675bece6ac4a9fc9b91faab2ca75f3ad7eb115253c5b94b06581ba18b42b77301f2c6
- SSDEEP: 3072:jV8+H5QROc2O9DOcfhFPOfuA6mabApqrHIZ9AGp1k6oaRoB9prb/n:jYROc2IfhJauAnGg0orcgE9pv
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid    Process        procid_target
  PID 2684 wrote to memory of 2936   2684   rundll32.exe   28
  PID 2684 wrote to memory of 2936   2684   rundll32.exe   28
  PID 2684 wrote to memory of 2936   2684   rundll32.exe   28
  PID 2684 wrote to memory of 2936   2684   rundll32.exe   28
  PID 2684 wrote to memory of 2936   2684   rundll32.exe   28
  PID 2684 wrote to memory of 2936   2684   rundll32.exe   28
  PID 2684 wrote to memory of 2936   2684   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c548c7f2e1ababefefeaa43a3980d2d.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2684
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c548c7f2e1ababefefeaa43a3980d2d.dll,#1
    PID: 2936