Analysis
max time kernel: 62s
max time network: 91s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 05/01/2024, 07:39
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample: 4320eedb550a6c2e88de1864332ec2e1.dll
Resource: win7-20231215-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample: 4320eedb550a6c2e88de1864332ec2e1.dll
Resource: win10v2004-20231222-en
2 signatures
150 seconds
General
Target: 4320eedb550a6c2e88de1864332ec2e1.dll
Size: 14KB
MD5: 4320eedb550a6c2e88de1864332ec2e1
SHA1: 211be7dc88f8db7f6dd6bfc1b855aa71895b8137
SHA256: 181c4c6f3bd4197513f29d051386f57e2b7899a35cdefe66b48cc40fc5557aae
SHA512: 6411a64c712eb603f39e41ebeb799b8fbb8c2a0e9b84c5aa461069aa2e4dc7970b8e2d8dcdacf209d85777b99160aa58a902f40d274b2f8725197f6d465eaa01
SSDEEP: 192:bZXlQfsPDrIddZlG+ZSrJc6II3CD6mooBRKj85v/OIQkkNE+8hb6AyvWeck:VVdPfUZy3CD6LoBRfv/9WEd4eeck
Score: 8/10
Malware Config
Signatures
Blocklisted process makes network request (2 IoCs)
  flow  pid   Process
  2     2952  rundll32.exe
  3     2952  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   Process       procid_target
  PID 2580 wrote to memory of 2952  2580  rundll32.exe  29
  PID 2580 wrote to memory of 2952  2580  rundll32.exe  29
  PID 2580 wrote to memory of 2952  2580  rundll32.exe  29
  PID 2580 wrote to memory of 2952  2580  rundll32.exe  29
  PID 2580 wrote to memory of 2952  2580  rundll32.exe  29
  PID 2580 wrote to memory of 2952  2580  rundll32.exe  29
  PID 2580 wrote to memory of 2952  2580  rundll32.exe  29
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4320eedb550a6c2e88de1864332ec2e1.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 2580
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4320eedb550a6c2e88de1864332ec2e1.dll,#12
  - Blocklisted process makes network request
  PID: 2952