Analysis
max time kernel: 121s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 27/02/2024, 18:10
Static task: static1
  1 signatures
Behavioral task: behavioral1
  Sample: a9d0f87c0be628f75d61d5642e4cf372.dll
  Resource: win7-20240221-en
  1 signatures
  150 seconds
Behavioral task: behavioral2
  Sample: a9d0f87c0be628f75d61d5642e4cf372.dll
  Resource: win10v2004-20240226-en
  1 signatures
  150 seconds
General
Target: a9d0f87c0be628f75d61d5642e4cf372.dll
Size: 14KB
MD5: a9d0f87c0be628f75d61d5642e4cf372
SHA1: 65823daeb9453f97fbfecb8702673dada6d72cb7
SHA256: 56c8f5c661fac655f921800fc2fc85881661708252aa1e7cded3a5767406d3b4
SHA512: db8bd100c69bdc25179f1ac31d575ce96f9507ea369490654ba4b14fa970067a003daf26610e2af0d6d4197959ce88d8171d56361c7d3f1a5e2a140715da553f
SSDEEP: 192:aT88iIEEczt6+LE5CMh9gjVsWqK/tU0nZUTAvW0OqWsNWPb:wHE9Y3vh9gvfZQAvW/qWsNWz
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
  description                           pid    Process        procid_target
  PID 1220 wrote to memory of 1692      1220   rundll32.exe   28
  PID 1220 wrote to memory of 1692      1220   rundll32.exe   28
  PID 1220 wrote to memory of 1692      1220   rundll32.exe   28
  PID 1220 wrote to memory of 1692      1220   rundll32.exe   28
  PID 1220 wrote to memory of 1692      1220   rundll32.exe   28
  PID 1220 wrote to memory of 1692      1220   rundll32.exe   28
  PID 1220 wrote to memory of 1692      1220   rundll32.exe   28
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9d0f87c0be628f75d61d5642e4cf372.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 1220
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9d0f87c0be628f75d61d5642e4cf372.dll,#1
   PID: 1692