Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 04/02/2024, 13:00
Static task
static1
Signatures: 1

Behavioral task
behavioral1
Sample: 8f35fd19e2a20256445edcc2020fb589.dll
Resource: win7-20231215-en
Signatures: 1
150 seconds

Behavioral task
behavioral2
Sample: 8f35fd19e2a20256445edcc2020fb589.dll
Resource: win10v2004-20231215-en
Signatures: 1
150 seconds
General
Target: 8f35fd19e2a20256445edcc2020fb589.dll
Size: 65KB
MD5: 8f35fd19e2a20256445edcc2020fb589
SHA1: 9b941bdf38fa35ba295d96032d662063a272acdd
SHA256: c7356b8cb6f7d47f60618cba86ad3c8c52b22d36bc555b94ef5cbae37830e693
SHA512: 086505c31df90d4139cdbbc1414dc775cacdbb95f7186f27b3b0ce9b9b34c63db11a83d7a03a0e57fc4901f60865665afc19160b20ca96a8fb13001980aee25a
SSDEEP: 1536:9zcIb5woBUjdgUtAZ/3wz0Mzq3X4M0wTWqAiAGhUcBg:eE3DUtogz0Gq3XL0wTWbiAGhUr
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1720 wrote to memory of 2084 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2084 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2084 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2084 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2084 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2084 | 1720 | rundll32.exe | 28
PID 1720 wrote to memory of 2084 | 1720 | rundll32.exe | 28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f35fd19e2a20256445edcc2020fb589.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1720
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f35fd19e2a20256445edcc2020fb589.dll,#1
    PID: 2084