Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel    121s
  max time network   122s
  platform           windows7_x64
  resource           win7-20240215-en
  resource tags      arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  submitted          20/02/2024, 15:08
Behavioral tasks
  behavioral1   sample: 0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll   resource: win7-20240215-en
  behavioral2   sample: 0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll   resource: win10v2004-20231215-en
General
  Target   0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll
  Size     899KB
  MD5      433b6279e960f8d42b880063416aa009
  SHA1     b72ba9030006843a3546e58ce1ca9d862618fc44
  SHA256   0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990
  SHA512   38f9baf4c9e9938bdee9e064a6ce98a02bb58ae8e9afeb760ec973efba52f20c2fd792995c33efbabeff147ec2a7a89dc358cfa95bd168db56bec57e23cc21dd
  SSDEEP   24576:7V2bG+2gMir4fgt7ibhRM5QhKehFdMtRj7nH1PXV:7wqd87VV
Malware Config
Signatures

Suspicious behavior: RenamesItself (1 IoC)
  pid    Process
  2484   rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                         pid    Process        procid_target
  PID 1516 wrote to memory of 2484    1516   rundll32.exe   28
  (the same event is recorded 7 times)

All seven writes are from the 64-bit rundll32.exe (PID 1516) into its own child, the 32-bit SysWOW64 rundll32.exe (PID 2484), which was started with the same command line. A parent writing into a child it has just created is also what a plain WoW64 relaunch of rundll32 for a 32-bit DLL looks like, so this signature on its own does not establish injection; the RenamesItself behavior in the child is the more specific indicator here.
Processes

  C:\Windows\system32\rundll32.exe   (PID 1516)
    command line:  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll,#1
    signatures:    Suspicious use of WriteProcessMemory
    └─ C:\Windows\SysWOW64\rundll32.exe   (PID 2484)
         command line:  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll,#1
         signatures:    Suspicious behavior: RenamesItself
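The process tree above has three properties a detection engineer would want to key on: rundll32 is handed a DLL from the user's Temp directory, the entry point is given by ordinal (`,#1`) rather than by export name, and the 64-bit rundll32 spawns the SysWOW64 rundll32 with the same DLL. The following is an added example, not code from tria.ge or from the report; it runs those three checks over constructed process-creation events modelled on this tree. The image paths, PIDs 1516/2484 and the DLL path are taken from the page; the parent PID 1000, the shell32 control line and the rule names are assumptions made for the example.

```python
import re

# Constructed process-creation events modelled on the report's process tree.
# Image paths, PIDs 1516/2484 and the DLL path are the ones on the page; the
# parent PID 1000 and the shell32 control line are made up for this example.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\0fe65f7ad9ccb1eb1d37c3b4dc6ef5e88ef300d18e4c7ae89f86c8325d254990.dll")

EVENTS = [
    {"pid": 1516, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 2484, "ppid": 1516, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    # benign control: a System32 DLL called by export name
    {"pid": 3000, "ppid": 1000, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
]

# Directory fragments (lower-cased, backslash-delimited) that a standard user can write to.
USER_WRITABLE_DIRS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                      "\\downloads\\", "\\users\\public\\", "\\programdata\\")

# Matches `rundll32[.exe] <rest>` whether or not the image path is spelled out or quoted.
RUNDLL32_RE = re.compile(r'^\s*"?(?:.*\\)?rundll32(?:\.exe)?"?\s+(?P<rest>.+)$', re.IGNORECASE)


def parse_rundll32(cmdline):
    """Split a rundll32 command line into (dll_path, entry_point).

    rundll32's syntax is `rundll32 <dll>,<entry> [args]`, where <entry> is an
    export name or `#<ordinal>`. Returns None for non-rundll32 command lines.
    Limitation: DLL paths containing spaces (quoted) are not handled.
    """
    m = RUNDLL32_RE.match(cmdline)
    if not m:
        return None
    token = m.group("rest").strip().split(None, 1)[0]   # "<dll>,<entry>"
    dll, sep, entry = token.rpartition(",")
    if not sep:
        return token, None                               # DLL given without an entry point
    return dll, (entry or None)


def evaluate(events):
    """Return (pid, rule_name) findings for every rundll32 event that matches a rule."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].lower().endswith("\\rundll32.exe"):
            continue
        parsed = parse_rundll32(e["cmdline"])
        if not parsed:
            continue
        dll, entry = parsed
        dll_lower = dll.lower()

        # Rule 1: the DLL lives in a user-writable location.
        if any(d in dll_lower for d in USER_WRITABLE_DIRS):
            findings.append((e["pid"], "rundll32_dll_from_user_writable_path"))

        # Rule 2: the export is called by ordinal, which hides the function name.
        if entry and re.fullmatch(r"#\d+", entry):
            findings.append((e["pid"], "rundll32_export_by_ordinal"))

        # Rule 3: 64-bit rundll32 relaunched the 32-bit one on the same DLL,
        # i.e. the DLL handed to the 64-bit host was a 32-bit image.
        parent = by_pid.get(e["ppid"])
        if (parent
                and parent["image"].lower() == r"c:\windows\system32\rundll32.exe"
                and e["image"].lower() == r"c:\windows\syswow64\rundll32.exe"):
            pparsed = parse_rundll32(parent["cmdline"])
            if pparsed and pparsed[0].lower() == dll_lower:
                findings.append((e["pid"], "rundll32_wow64_relaunch_same_dll"))
    return findings


if __name__ == "__main__":
    for pid, rule in evaluate(EVENTS):
        print(f"PID {pid}: {rule}")
```

Run against the constructed events, PIDs 1516 and 2484 each trigger the user-writable-path and ordinal rules, 2484 additionally triggers the WoW64 relaunch rule, and the shell32 control line triggers nothing. Rule 3 alone is not malicious (any 32-bit DLL handed to the 64-bit rundll32 produces that chain); its value is in combination with rules 1 and 2.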