Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 28/02/2024, 05:53
Static task: static1
1 signatures

Behavioral task: behavioral1
Sample: ab281e539d9e2dbdc5ca4862ef847f47.dll
Resource: win7-20240221-en
1 signatures
150 seconds

Behavioral task: behavioral2
Sample: ab281e539d9e2dbdc5ca4862ef847f47.dll
Resource: win10v2004-20240226-en
2 signatures
150 seconds
General
Target: ab281e539d9e2dbdc5ca4862ef847f47.dll
Size: 29KB
MD5: ab281e539d9e2dbdc5ca4862ef847f47
SHA1: a6fab0f1021f23ae3e60ca39c54ac52dad67f7b6
SHA256: c79173b33e1bb2001250fa66d77afb01335249573680170310e6ba5ba55bc4fd
SHA512: 46594d9cfb4a1d6aacc3db1a617c343c06b14f209e97926fed66346032511979af223a4f6407ca49eda9a502388fd94914f3ba2d3da3cdb20a63d1164c6b6a0c
SSDEEP: 768:FnUh2FbFSvMrLLqz9d5iLD1T8m7dln04Sr+:FnUh6rrqz9bixz
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 2904 wrote to memory of 2964   2904   rundll32.exe   28
PID 2904 wrote to memory of 2964   2904   rundll32.exe   28
PID 2904 wrote to memory of 2964   2904   rundll32.exe   28
PID 2904 wrote to memory of 2964   2904   rundll32.exe   28
PID 2904 wrote to memory of 2964   2904   rundll32.exe   28
PID 2904 wrote to memory of 2964   2904   rundll32.exe   28
PID 2904 wrote to memory of 2964   2904   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab281e539d9e2dbdc5ca4862ef847f47.dll,#1
  PID: 2904
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ab281e539d9e2dbdc5ca4862ef847f47.dll,#1
    PID: 2964