Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 09/03/2024, 14:22
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
  Sample: bc06f48e9f710024cbdab61ad516bbda.dll
  Resource: win7-20240221-en
  1 signatures
  150 seconds
Behavioral task
- behavioral2
  Sample: bc06f48e9f710024cbdab61ad516bbda.dll
  Resource: win10v2004-20240226-en
  2 signatures
  150 seconds
General
- Target: bc06f48e9f710024cbdab61ad516bbda.dll
- Size: 690KB
- MD5: bc06f48e9f710024cbdab61ad516bbda
- SHA1: e0c75514a6f1675b6a55cb4b2711283ba09ad763
- SHA256: 729f3b57b327bf72e25a6caf13cbfbeeda92cb34a463ea02fec2112a3fdbcb58
- SHA512: a644a02d0d5ed4ae55a5bfe772001066f33683e7868e03eedc4fc3944bdb773d9be05ca47aa38314b456c78e8725ebecb24e93dd8603c6de7689ff3c3c00274b
- SSDEEP: 12288:1V12dCZ2Vqwjqy/S0zsJoX7zGhT7LVsViYCjb3uu21NQ8JJlj:1X2EoVqKl5yoX7KhzWSHun1y2j
- Score: 1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1464 wrote to memory of 2472 | 1464 | rundll32.exe | 28
  PID 1464 wrote to memory of 2472 | 1464 | rundll32.exe | 28
  PID 1464 wrote to memory of 2472 | 1464 | rundll32.exe | 28
  PID 1464 wrote to memory of 2472 | 1464 | rundll32.exe | 28
  PID 1464 wrote to memory of 2472 | 1464 | rundll32.exe | 28
  PID 1464 wrote to memory of 2472 | 1464 | rundll32.exe | 28
  PID 1464 wrote to memory of 2472 | 1464 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc06f48e9f710024cbdab61ad516bbda.dll,#11
  Suspicious use of WriteProcessMemory
  PID: 1464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc06f48e9f710024cbdab61ad516bbda.dll,#12
  PID: 2472