Analysis
- max time kernel: 120s
- max time network: 131s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 19/02/2024, 19:27
Static task
static1
Behavioral task
behavioral1
Sample
8f89e9ac30c3d658b8e5bcbc6468348bd58ed710bdbab751ab2a991b384731b9.dll
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
8f89e9ac30c3d658b8e5bcbc6468348bd58ed710bdbab751ab2a991b384731b9.dll
Resource
win10v2004-20231222-en
General
- Target: 8f89e9ac30c3d658b8e5bcbc6468348bd58ed710bdbab751ab2a991b384731b9.dll
- Size: 1.2MB
- MD5: 9a86f0d325ac931b52e0b17cadfd4706
- SHA1: de7314f334a30165398b1fe9da9eae96b3fb1669
- SHA256: 8f89e9ac30c3d658b8e5bcbc6468348bd58ed710bdbab751ab2a991b384731b9
- SHA512: 55b974b852c874b996e5d1d9dcd4ae9cf2127e0585b2be7a2454f756d6e01ccb3e60c96c1992c09744c850b45a1496bcd1e0b0a03a7329208771f3f09fe2c814
- SSDEEP: 24576:McYZEnNCUmBLmK4EeMTXOi/RxIhr0o7Ps43o4nGHYOzUdBRmLv2:HYCEeMTXNouPQdBRh
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2248 wrote to memory of 2140 | 2248 | rundll32.exe | 28
  PID 2248 wrote to memory of 2140 | 2248 | rundll32.exe | 28
  PID 2248 wrote to memory of 2140 | 2248 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8f89e9ac30c3d658b8e5bcbc6468348bd58ed710bdbab751ab2a991b384731b9.dll,#1
  - Suspicious use of WriteProcessMemory
  PID:2248
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 2248 -s 84
    PID:2140