Analysis
max time kernel: 118s
max time network: 129s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 07/01/2024, 21:31
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: 49d202658d6d7810940166ba6ef9e4ff.dll
Resource: win7-20231215-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 49d202658d6d7810940166ba6ef9e4ff.dll
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 49d202658d6d7810940166ba6ef9e4ff.dll
Size: 56KB
MD5: 49d202658d6d7810940166ba6ef9e4ff
SHA1: 883fb80fdb1433c8cc61cfd74f6b726e75c52ee1
SHA256: c413936196daeeb1fa6c04dd153a97910b6ca0ea2e87cb423670cffbb2d79ac2
SHA512: be7ed7a952a5ed4b5356322d954a6fda87f4cdd180132cb3dc70d655c2a31fa41ecc0772bd23c60012deaa199fbbdbbe67c74b499d0a4a8684cfffe25b540441
SSDEEP: 768:JpON/xpyeAXo9aq8vNH1P3URpFTTRc1zo3IHAe:yN/CpoHkd16tpF
Score: 1/10
Malware Config
Signatures

Suspicious use of WriteProcessMemory (7 IoCs)

description                        pid   Process       procid_target
PID 1512 wrote to memory of 3048   1512  rundll32.exe  28
PID 1512 wrote to memory of 3048   1512  rundll32.exe  28
PID 1512 wrote to memory of 3048   1512  rundll32.exe  28
PID 1512 wrote to memory of 3048   1512  rundll32.exe  28
PID 1512 wrote to memory of 3048   1512  rundll32.exe  28
PID 1512 wrote to memory of 3048   1512  rundll32.exe  28
PID 1512 wrote to memory of 3048   1512  rundll32.exe  28
Processes

1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\49d202658d6d7810940166ba6ef9e4ff.dll,#1
   PID: 1512
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\49d202658d6d7810940166ba6ef9e4ff.dll,#1
      PID: 3048