Analysis
- max time kernel: 117s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 25/01/2024, 15:49
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: 61bb485ef3ee09e6ada8c0a820a4d639cec6b98bfd35b4632f1425962ea94520.dll
- Resource: win7-20231129-en
- 1 signatures
- 150 seconds
General
- Target: 61bb485ef3ee09e6ada8c0a820a4d639cec6b98bfd35b4632f1425962ea94520.dll
- Size: 2.3MB
- MD5: fcb48cbe86787b7b8fce6b222bdfd8d7
- SHA1: 94b1fd70aaa59ac53a9e3665f931254721912a44
- SHA256: 61bb485ef3ee09e6ada8c0a820a4d639cec6b98bfd35b4632f1425962ea94520
- SHA512: 4e61b559e370fb87374a2e41245253b3baf44fac7128a548046ef7bf6cc550f5f76a0b8989f8dbc2e1b04d5924abffb7f7d6a4845fc052eee37cff53cb538fde
- SSDEEP: 24576:zUeaq7sJWp6sXczDHK2WQd7Hand4Mb7M64AA:f76zDq2WQd7Hand4Mb7M64AA
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 2968 wrote to memory of 2344 | 2968 | rundll32.exe | 28
PID 2968 wrote to memory of 2344 | 2968 | rundll32.exe | 28
PID 2968 wrote to memory of 2344 | 2968 | rundll32.exe | 28
PID 2968 wrote to memory of 2344 | 2968 | rundll32.exe | 28
PID 2968 wrote to memory of 2344 | 2968 | rundll32.exe | 28
PID 2968 wrote to memory of 2344 | 2968 | rundll32.exe | 28
PID 2968 wrote to memory of 2344 | 2968 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61bb485ef3ee09e6ada8c0a820a4d639cec6b98bfd35b4632f1425962ea94520.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:2968
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\61bb485ef3ee09e6ada8c0a820a4d639cec6b98bfd35b4632f1425962ea94520.dll,#12
    PID:2344