Analysis
- max time kernel: 119s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 04/01/2024, 04:05
Static task
- static1: 1 signatures
Behavioral task
- behavioral1: Sample 3fda19126ca1e7095a6fc6f2f98448e1.dll, Resource win7-20231215-en, 1 signatures, 150 seconds
Behavioral task
- behavioral2: Sample 3fda19126ca1e7095a6fc6f2f98448e1.dll, Resource win10v2004-20231215-en, 1 signatures, 150 seconds
General
- Target: 3fda19126ca1e7095a6fc6f2f98448e1.dll
- Size: 17KB
- MD5: 3fda19126ca1e7095a6fc6f2f98448e1
- SHA1: 9f4e83410bbf1a0e51338f3be6a0fa7808705506
- SHA256: 22a7bef820506413245fbf0ece3d5d69fe0d85865e6b2e2e146ac2aaa199a2bc
- SHA512: f9fdf9e5aa4a4082be63f449b37fa9ef1ee4ffe58b13d9c87f1b0c1ff80457eed6dc589aa03613fa8c0e2d7617b0f02e05ac7b966b6f12ad488c533e59567ec9
- SSDEEP: 384:35pHHHZcmWSe1biMGxqATY4TZ3mR08FWGDnS:35JnZcmWcHx84TZ3NcS
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                        pid    Process        procid_target
  PID 2640 wrote to memory of 2088   2640   rundll32.exe   28
  PID 2640 wrote to memory of 2088   2640   rundll32.exe   28
  PID 2640 wrote to memory of 2088   2640   rundll32.exe   28
  PID 2640 wrote to memory of 2088   2640   rundll32.exe   28
  PID 2640 wrote to memory of 2088   2640   rundll32.exe   28
  PID 2640 wrote to memory of 2088   2640   rundll32.exe   28
  PID 2640 wrote to memory of 2088   2640   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fda19126ca1e7095a6fc6f2f98448e1.dll,#1
  PID: 2640
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fda19126ca1e7095a6fc6f2f98448e1.dll,#1
    PID: 2088