Analysis
max time kernel: 122s
max time network: 136s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 31/12/2023, 12:57

Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 36fb76c2bf39a5c3462854929acac3c2.dll
Resource: win7-20231215-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: 36fb76c2bf39a5c3462854929acac3c2.dll
Resource: win10v2004-20231215-en
2 signatures
150 seconds

General
Target: 36fb76c2bf39a5c3462854929acac3c2.dll
Size: 18KB
MD5: 36fb76c2bf39a5c3462854929acac3c2
SHA1: 794786d156c9143093a4cf3d86f015400139dd23
SHA256: 58d0122ca00c1df85629cf197791719fdf945242f5262dbf06b5bf751bf246ec
SHA512: 7736ec38341140ee7dd3fb04c488d815668a16ff3107602381d40c970ec96f15219ebd115434c8fd47313481260415c672299cf615b4e94b13dd873d80c136f0
SSDEEP: 384:hzz6zyedK/Y/vWTWuDu/IpsIWi2MIu93y9p/OIHKBO:6yeKcW6GNsrsup/OIHW
Score: 1/10

Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (1 IoCs)
description                 pid    Process
Token: SeDebugPrivilege     2760   rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description                         pid    Process        procid_target
PID 2720 wrote to memory of 2760    2720   rundll32.exe   27
PID 2720 wrote to memory of 2760    2720   rundll32.exe   27
PID 2720 wrote to memory of 2760    2720   rundll32.exe   27
PID 2720 wrote to memory of 2760    2720   rundll32.exe   27
PID 2720 wrote to memory of 2760    2720   rundll32.exe   27
PID 2720 wrote to memory of 2760    2720   rundll32.exe   27
PID 2720 wrote to memory of 2760    2720   rundll32.exe   27

Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36fb76c2bf39a5c3462854929acac3c2.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2720
    C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\36fb76c2bf39a5c3462854929acac3c2.dll,#1
      - Suspicious use of AdjustPrivilegeToken
      PID: 2760