Analysis
max time kernel: 121s
max time network: 127s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 19/02/2024, 21:51
Behavioral task: behavioral1
Sample: 5f0acb953526b30211da0fc6a8f5349c0c1ad8f806d257162303d96d16aa0cfb.dll
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 5f0acb953526b30211da0fc6a8f5349c0c1ad8f806d257162303d96d16aa0cfb.dll
Resource: win10v2004-20231215-en
General
Target: 5f0acb953526b30211da0fc6a8f5349c0c1ad8f806d257162303d96d16aa0cfb.dll
Size: 899KB
MD5: 320579ee61b6d1ce45329b9eb1cfb17f
SHA1: 2e4e9b4bda2fb826ad7bcae2ac3fcedeb5d3157b
SHA256: 5f0acb953526b30211da0fc6a8f5349c0c1ad8f806d257162303d96d16aa0cfb
SHA512: 6f60951338e997d76cb8aa8a7244fd4ef37700b8e70beb1e84125854641c66846532b41dc409c89976d46bfd504f8caf0121d152553b97f4cfc68a0e24fd9c3e
SSDEEP: 24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXJ:7wqd87VJ
Malware Config
Signatures
Suspicious behavior: RenamesItself (1 IoC)
pid   process
2784  rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
description                       pid   process       procid_target
PID 2132 wrote to memory of 2784  2132  rundll32.exe  28
(the report lists this identical row seven times)
All seven writes go from the parent rundll32.exe (PID 2132) into the child it spawned (PID 2784), which is the pattern process creation itself produces when the parent sets up the new process; no write into an unrelated third process is recorded, so on its own this signature is not evidence of remote injection.
Processes
C:\Windows\system32\rundll32.exe (PID 2132)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f0acb953526b30211da0fc6a8f5349c0c1ad8f806d257162303d96d16aa0cfb.dll,#1
  signature: Suspicious use of WriteProcessMemory
  child: C:\Windows\SysWOW64\rundll32.exe (PID 2784)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f0acb953526b30211da0fc6a8f5349c0c1ad8f806d257162303d96d16aa0cfb.dll,#1
    signature: Suspicious behavior: RenamesItself
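The process tree above shows the 64-bit rundll32.exe in System32 (PID 2132) launching the 32-bit copy in SysWOW64 (PID 2784) with the same DLL and the same entry point (#1, i.e. export ordinal 1). That hop is what rundll32 does on 64-bit Windows when it is handed a 32-bit DLL: it re-executes its WOW64 twin rather than loading the module itself. The helper below is an added example, not part of the tria.ge report: it parses the flattened WriteProcessMemory rows, collapses the duplicates, checks each writer/target pair against the process tree, and flags the System32-to-SysWOW64 re-exec so an analyst can separate startup writes into a direct child from writes into an unrelated process. The row layout matched by the regex, the parent PIDs (taken from the tree indentation), and all function names are assumptions made for this example.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumed layout of one flattened signature row, as the report text reads:
# "PID <src> wrote to memory of <dst> <src> <image> <procid_target>".
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+) (\d+)")
# rundll32 syntax: rundll32[.exe] <dll>,<export name or #ordinal> [args]
RUNDLL_ARG = re.compile(r"^rundll32(?:\.exe)?\s+(.+?),(#\d+|\w+)(?:\s+.*)?$", re.IGNORECASE)

DLL = r"C:\Users\Admin\AppData\Local\Temp\5f0acb953526b30211da0fc6a8f5349c0c1ad8f806d257162303d96d16aa0cfb.dll"

# Constructed from the report: the seven identical IoC rows, joined as on the page.
WPM_TEXT = " ".join(["PID 2132 wrote to memory of 2784 2132 rundll32.exe 28"] * 7)

# Constructed from the process tree: pid -> (parent pid, image path, command line).
PROCESSES = {
    2132: (None, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {DLL},#1"),
    2784: (2132, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {DLL},#1"),
}


def parse_wpm(text):
    """Return (src_pid, dst_pid, image) for every row found in the flattened text."""
    return [(int(m[1]), int(m[2]), m[3]) for m in WPM_ROW.finditer(text)]


def summarize_wpm(rows):
    """Collapse repeated rows into {(src_pid, dst_pid): count}."""
    return Counter((src, dst) for src, dst, _ in rows)


def parse_rundll32(cmdline):
    """Split 'rundll32.exe <dll>,<entry>' into (dll path, entry); '#N' becomes the int ordinal N."""
    m = RUNDLL_ARG.match(cmdline.strip())
    if m is None:
        return None
    dll, entry = m[1], m[2]
    return dll, int(entry[1:]) if entry.startswith("#") else entry


def is_wow64_reexec(parent, child):
    """True when a System32 rundll32 re-launched its SysWOW64 twin with the same DLL and entry."""
    p_img, c_img = PureWindowsPath(parent[1]), PureWindowsPath(child[1])
    return (
        p_img.name.lower() == c_img.name.lower() == "rundll32.exe"
        and p_img.parent.name.lower() == "system32"
        and c_img.parent.name.lower() == "syswow64"
        and parse_rundll32(parent[2]) == parse_rundll32(child[2])
    )


def classify_writes(wpm_text, processes):
    """Label each writer->target pair: {(src, dst): (count, label)}."""
    out = {}
    for (src, dst), n in summarize_wpm(parse_wpm(wpm_text)).items():
        target = processes.get(dst)
        if target is not None and target[0] == src:
            # Writes into a process the writer itself created: expected during start-up.
            label = "parent-to-child"
            if is_wow64_reexec(processes[src], target):
                label += " (WOW64 rundll32 re-exec)"
        else:
            # Target is unknown or not a direct child: worth a closer look.
            label = "cross-process (review for injection)"
        out[(src, dst)] = (n, label)
    return out


if __name__ == "__main__":
    for pair, (n, label) in classify_writes(WPM_TEXT, PROCESSES).items():
        print(f"{pair[0]} -> {pair[1]}: {n} write(s), {label}")
```

Feeding the report's rows through classify_writes yields a single pair, 2132 -> 2784, with seven writes labelled as the WOW64 re-exec case; a row whose target is not a direct child of the writer falls into the "cross-process" bucket instead. The RenamesItself signature on PID 2784 is not covered by this helper, since the report gives no detail about what was renamed.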