Analysis
max time kernel: 121s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 25/02/2024, 16:57
Static task: static1
Behavioral task: behavioral1
  Sample: e3181167b2eba03a97f385dc9c736815719c8ff2489087ec88207f2591b7d526.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: e3181167b2eba03a97f385dc9c736815719c8ff2489087ec88207f2591b7d526.dll
  Resource: win10v2004-20240221-en
General
Target: e3181167b2eba03a97f385dc9c736815719c8ff2489087ec88207f2591b7d526.dll
Size: 95KB
MD5: 9a658b057fd003ca477166b7d9693ed5
SHA1: ef51a5b973ea36c54e5fafeea36b88cd60e5fe79
SHA256: e3181167b2eba03a97f385dc9c736815719c8ff2489087ec88207f2591b7d526
SHA512: 3cc7a94e429c36df9fbc9440cfb892324619e4dea94d590c624a9fb5ff3675cd33f9f3b0bcf478ed94eedef1a0110c858f087ec6e28f14e75fa07da3b9e1dde9
SSDEEP: 1536:i3tuVknvAfxMe2/0+1x1CH5WJMjWUdWBkDL27bA4BWRNOKt7BtnP:UzvAf0s+k8M2fDWHO8n
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 1964 wrote to memory of 1136   1964   rundll32.exe   1
PID 1964 wrote to memory of 1136   1964   rundll32.exe   1
PID 1964 wrote to memory of 1136   1964   rundll32.exe   1
Processes
C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1964 -s 1481⤵
  PID:1136
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3181167b2eba03a97f385dc9c736815719c8ff2489087ec88207f2591b7d526.dll,#11⤵
  Suspicious use of WriteProcessMemory
  PID:1964