Analysis

max time kernel: 118s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 09/01/2024, 11:41
Static task: static1

Behavioral task: behavioral1
Sample: 03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll
Resource: win10v2004-20231215-en
General

Target: 03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll
Size: 397KB
MD5: d7af76201066a059719e1103fbbe4805
SHA1: aac00a2e37a4460b4ff392a702238712b550e279
SHA256: 03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9
SHA512: 5e3d17ebd344a7f3261fe9441a97fb7f78ae15d45425539dc50f42de42c456581a7c64d29c6db449e6cfce78fec250f0fbe47b7a69aa5caea1cedbdd3f344b42
SSDEEP: 6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaQ:174g2LDeiPDImOkx2LIaQ
Malware Config
Signatures

Suspicious behavior: EnumeratesProcesses (4 IoCs)
pid   Process
2372  rundll32.exe
2372  rundll32.exe
2372  rundll32.exe
2372  rundll32.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
description              pid   Process
Token: SeDebugPrivilege  2372  rundll32.exe
Token: SeTcbPrivilege    2372  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   Process       procid_target
PID 2184 wrote to memory of 2372  2184  rundll32.exe  28
PID 2184 wrote to memory of 2372  2184  rundll32.exe  28
PID 2184 wrote to memory of 2372  2184  rundll32.exe  28
PID 2184 wrote to memory of 2372  2184  rundll32.exe  28
PID 2184 wrote to memory of 2372  2184  rundll32.exe  28
PID 2184 wrote to memory of 2372  2184  rundll32.exe  28
PID 2184 wrote to memory of 2372  2184  rundll32.exe  28
Processes

C:\Windows\system32\rundll32.exe (PID 2184)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  └─ C:\Windows\SysWOW64\rundll32.exe (PID 2372)
       Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll,#1
       Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken

Reading the tree: the 64-bit rundll32.exe in system32 (PID 2184) re-launching its 32-bit SysWOW64 copy (PID 2372) with an identical command line is rundll32's normal handling of a 32-bit DLL, and the WriteProcessMemory IoCs on PID 2184 are the parent writing into the child it just created. The behaviour attributable to the DLL itself therefore sits in PID 2372: process enumeration and the SeDebugPrivilege/SeTcbPrivilege token adjustments. The DLL is invoked by ordinal (#1) from the user's Temp directory, which is the part of the command line worth hunting for.
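As an added example (not part of the Triage report), the following Python turns the process tree above into a hunting rule over process-creation telemetry: it parses rundll32 command lines into DLL and entry point, flags a DLL loaded from a user-writable directory, an export called by ordinal, and the system32-to-SysWOW64 rundll32 relaunch, and renders the parent chain the way the report shows it. The event records are constructed Sysmon-style samples: PIDs 2184 and 2372, the image paths and the command line come from the report, while the parent PID 1800 / explorer.exe and the two benign rundll32 events are assumptions made up for the example.

```python
"""Hunt for the rundll32 chain from the report in process-creation telemetry.

Added example, not code from the Triage report. Events are constructed.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str          # full path of the new process
    parent_image: str   # full path of its parent
    cmdline: str


def _basename(path):
    return path.rsplit("\\", 1)[-1]


# DLL path and ordinal export exactly as they appear in the report's process tree.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll")

SAMPLE_EVENTS = [
    # the two processes from the report (parent PID 1800 / explorer.exe is assumed)
    ProcEvent(2184, 1800, r"C:\Windows\system32\rundll32.exe", r"C:\Windows\explorer.exe",
              "rundll32.exe " + SAMPLE_DLL + ",#1"),
    ProcEvent(2372, 2184, r"C:\Windows\SysWOW64\rundll32.exe", r"C:\Windows\system32\rundll32.exe",
              "rundll32.exe " + SAMPLE_DLL + ",#1"),
    # constructed benign uses of rundll32 that the rules must not flag
    ProcEvent(3010, 1800, r"C:\Windows\system32\rundll32.exe", r"C:\Windows\explorer.exe",
              "rundll32.exe shell32.dll,Control_RunDLL hotplug.dll"),
    ProcEvent(3011, 1800, r"C:\Windows\system32\rundll32.exe", r"C:\Windows\explorer.exe",
              r'"C:\Windows\system32\rundll32.exe" "C:\Program Files\Vendor App\helper.dll",RunInstall /silent'),
]

# Directories an unprivileged user can write to; a DLL run from here deserves a look.
STAGING_DIRS = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\downloads\\", "\\programdata\\")
ORDINAL_RE = re.compile(r"^#\d+$")


def _take_token(s):
    """Split off the first command-line token, honouring double quotes; stops at ','."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end < 0 else (s[1:end], s[end + 1:])
    m = re.match(r"[^\s,]+", s)
    return (None, s) if not m else (m.group(0), s[m.end():])


def parse_rundll32(cmdline):
    """Return (dll, entry_point) for a rundll32 command line, else None.

    rundll32 syntax: rundll32 <dll>,<entry> [args]; the entry point may be a
    name (Control_RunDLL) or an ordinal (#1), and may be absent.
    """
    image, rest = _take_token(cmdline)
    if not image or _basename(image).lower() not in ("rundll32.exe", "rundll32"):
        return None
    dll, rest = _take_token(rest)
    if not dll:
        return None
    entry = re.match(r",(\S*)", rest).group(1) if rest.startswith(",") else None
    return dll, entry


def score(event):
    """Return the indicators an event trips (empty for benign rundll32 use)."""
    parsed = parse_rundll32(event.cmdline)
    if parsed is None:
        return []
    dll, entry = parsed
    reasons = []
    if any(d in dll.lower() for d in STAGING_DIRS):
        reasons.append("dll_in_user_writable_dir")
    if entry and ORDINAL_RE.match(entry):
        reasons.append("export_by_ordinal")
    # 64-bit rundll32 re-launching its SysWOW64 copy is how a 32-bit DLL gets loaded;
    # benign on its own, so it only counts together with the other indicators.
    if (event.parent_image.lower().endswith("\\system32\\rundll32.exe")
            and event.image.lower().endswith("\\syswow64\\rundll32.exe")):
        reasons.append("wow64_relaunch_by_rundll32")
    return reasons


def hunt(events, min_hits=2):
    """Map pid -> indicators for every event tripping at least min_hits indicators."""
    hits = {}
    for e in events:
        reasons = score(e)
        if len(reasons) >= min_hits:
            hits[e.pid] = reasons
    return hits


def lineage(events, pid):
    """Render the parent chain of pid the way the report's process tree shows it."""
    by_pid = {e.pid: e for e in events}
    names, last = [], None
    while pid in by_pid:
        last = by_pid[pid]
        names.append(f"{_basename(last.image)}({last.pid})")
        pid = last.ppid
    if last is not None:  # top-most parent we know only from its child's record
        names.append(f"{_basename(last.parent_image)}({last.ppid})")
    return " > ".join(reversed(names))


if __name__ == "__main__":
    for pid, reasons in hunt(SAMPLE_EVENTS).items():
        print(lineage(SAMPLE_EVENTS, pid), "->", ", ".join(reasons))
```

The relaunch indicator is deliberately not enough on its own: every 32-bit DLL loaded through the 64-bit rundll32 produces the same system32-to-SysWOW64 pair, so the hit on PID 2372 comes from the Temp-directory path and the ordinal export, with the relaunch only raising its score.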