Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 03:58
Static task: static1
- 1 signatures

Behavioral task: behavioral1
- Sample: 0dab1f74a471d9ffa3bcd099d69e0940.dll
- Resource: win7-20231129-en
- 2 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 0dab1f74a471d9ffa3bcd099d69e0940.dll
- Resource: win10v2004-20231215-en
- 2 signatures
- 150 seconds
General
- Target: 0dab1f74a471d9ffa3bcd099d69e0940.dll
- Size: 109KB
- MD5: 0dab1f74a471d9ffa3bcd099d69e0940
- SHA1: 17612520b155e2bb806b4254984202e72db64c3d
- SHA256: ab9c7db0600ef90fb8586c9cc312fafcc088db168e6f5294758280b0e5cdb354
- SHA512: 484cdb2c959dc6db20c4943af307e6fb1492d5810d478a80c336889de2ff2f8d33670f87fc390bd2c25bef566e947bce65a2e32e6266d79909b9d2b04534ab01
- SSDEEP: 768:R/X1UrDK6VcbqpDao+lSLyogMjX8JloTYtCoOVgBj7ZljA:hOZcbqglSu1UsJtfOKBj7ZljA

Score: 1/10
Malware Config
Signatures
- Suspicious use of SetWindowsHookEx, 1 IoCs
  pid | Process
  2912 | rundll32.exe
- Suspicious use of WriteProcessMemory, 7 IoCs
  description | pid | Process | procid_target
  PID 2968 wrote to memory of 2912 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 2912 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 2912 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 2912 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 2912 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 2912 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 2912 | 2968 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dab1f74a471d9ffa3bcd099d69e0940.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2968
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\0dab1f74a471d9ffa3bcd099d69e0940.dll,#1
    - Suspicious use of SetWindowsHookEx
    PID: 2912