Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 10/03/2024, 12:00
Static task: static1
Behavioral task: behavioral1
- Sample: ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll
- Resource: win10v2004-20240226-en
General
- Target: ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll
- Size: 2.2MB
- MD5: babfedc8cb68df0196607d5acd49b28b
- SHA1: 700c188a362e979753b890b61757932ca888a4fc
- SHA256: ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816
- SHA512: 9899b4e133ee35da3c052c940f18cfac1f84db75ee8d583cb3da6a1357f886114eab98a42ac894c15855c9308e686c84bbbd811510b50938f07e4b907bc508ad
- SSDEEP: 49152:TJd0OM5FVm/8RgJsYM97tQjFozL19wNa/WgB:VCOM5jyJ1jFKp9JWgB
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2920 wrote to memory of 3024 | 2920 | rundll32.exe | 28
  PID 2920 wrote to memory of 3024 | 2920 | rundll32.exe | 28
  PID 2920 wrote to memory of 3024 | 2920 | rundll32.exe | 28
  PID 2920 wrote to memory of 3024 | 2920 | rundll32.exe | 28
  PID 2920 wrote to memory of 3024 | 2920 | rundll32.exe | 28
  PID 2920 wrote to memory of 3024 | 2920 | rundll32.exe | 28
  PID 2920 wrote to memory of 3024 | 2920 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll,#1
  PID: 2920
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ff11e4cf9b5570071b2fbce3168ac36cd1aecb06b748bebdbbfe7f4e7eb43816.dll,#1
    PID: 3024