Analysis
-
max time kernel
119s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
09/01/2024, 07:57
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4dc697f3c4ef29b2c586010e988b2d46.dll
Resource
win7-20231215-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
4dc697f3c4ef29b2c586010e988b2d46.dll
Resource
win10v2004-20231215-en
2 signatures
150 seconds
General
-
Target
4dc697f3c4ef29b2c586010e988b2d46.dll
-
Size
205KB
-
MD5
4dc697f3c4ef29b2c586010e988b2d46
-
SHA1
4d373905b93f9162ff1648685b8c954fb17a064a
-
SHA256
e1ebe9b217756caa33752c2ddf9fff944d29f01457a9f55a508b2255e35a3964
-
SHA512
4544073d460d16e53c840e3bad37a95f1359761cb9180ff29d217d1c1aaa2c6bb7c135924de2df8578e22fe63f82a38501f8b6d91d048383caa13213d3d97ba1
-
SSDEEP
6144:rwyD+6Ek+Oxl8h6a7wVwdxp79+PxLO7Epab:rw41Ek+gl8hBQop7k6wpab
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1340 wrote to memory of 2200 | 1340 | rundll32.exe | 28
PID 1340 wrote to memory of 2200 | 1340 | rundll32.exe | 28
PID 1340 wrote to memory of 2200 | 1340 | rundll32.exe | 28
PID 1340 wrote to memory of 2200 | 1340 | rundll32.exe | 28
PID 1340 wrote to memory of 2200 | 1340 | rundll32.exe | 28
PID 1340 wrote to memory of 2200 | 1340 | rundll32.exe | 28
PID 1340 wrote to memory of 2200 | 1340 | rundll32.exe | 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dc697f3c4ef29b2c586010e988b2d46.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1340 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4dc697f3c4ef29b2c586010e988b2d46.dll,#12⤵
PID:2200
-