Windows 7 deprecation: Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
  max time kernel:   120s
  max time network:  122s
  platform:          windows7_x64
  resource:          win7-20240221-en
  resource tags:     arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  submitted:         24/02/2024, 14:10
Behavioral task: behavioral1
  Sample:    a20b93cbdba7918946108e3d9d1854f6.dll
  Resource:  win7-20240221-en
  2 signatures, 150 seconds

Behavioral task: behavioral2
  Sample:    a20b93cbdba7918946108e3d9d1854f6.dll
  Resource:  win10v2004-20240221-en
  2 signatures, 150 seconds
General
  Target:  a20b93cbdba7918946108e3d9d1854f6.dll
  Size:    348KB
  MD5:     a20b93cbdba7918946108e3d9d1854f6
  SHA1:    8837bdb6e5cb0f4f56bee57bd1d548e0a9fa60e3
  SHA256:  5b234b82289d001299b8d370db8269d3907aa250180645d46d7723c59f330865
  SHA512:  790623b18573a40b08f8ea9b6872294bb361c548422a5cb96c9abda31e5801cb2f54990bf630d2cd54b6ccbbb3c85b06583382703a5db29b5bb3b7fc00439962
  SSDEEP:  3072:K4IF4glZchwrDmnC9HgQsgTl9Qai4ViIIr0XYRJLbgFoutu6iFd:xkLKarD0CBgQsq9QrAur0XqcoSEH
  Score:   7/10
Malware Config
Signatures

  resource                                                                    yara_rule
  behavioral1/memory/1740-0-0x0000000013140000-0x0000000013199000-memory.dmp  upx
  behavioral1/memory/1740-1-0x0000000013140000-0x0000000013199000-memory.dmp  upx

Suspicious use of WriteProcessMemory (7 IoCs)

  description                      pid  Process       procid_target
  PID 868 wrote to memory of 1740  868  rundll32.exe  28
  PID 868 wrote to memory of 1740  868  rundll32.exe  28
  PID 868 wrote to memory of 1740  868  rundll32.exe  28
  PID 868 wrote to memory of 1740  868  rundll32.exe  28
  PID 868 wrote to memory of 1740  868  rundll32.exe  28
  PID 868 wrote to memory of 1740  868  rundll32.exe  28
  PID 868 wrote to memory of 1740  868  rundll32.exe  28
Processes

  [1] C:\Windows\system32\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a20b93cbdba7918946108e3d9d1854f6.dll,#1
      PID: 868
      Suspicious use of WriteProcessMemory

      [2] C:\Windows\SysWOW64\rundll32.exe
          command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a20b93cbdba7918946108e3d9d1854f6.dll,#1
          PID: 1740