Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 05/04/2024, 00:10
Static task
static1
Behavioral task
behavioral1
Sample: b3190ef77cf9a0172a9f5984fdfda575a670e0d820098edb875a03180884ad5e.dll
Resource: win7-20240221-en
Behavioral task
behavioral2
Sample: b3190ef77cf9a0172a9f5984fdfda575a670e0d820098edb875a03180884ad5e.dll
Resource: win10v2004-20240226-en
General
Target: b3190ef77cf9a0172a9f5984fdfda575a670e0d820098edb875a03180884ad5e.dll
Size: 6KB
MD5: b911edffdc6ececff4a08f2b3cf103f0
SHA1: 49a2e563c89a353b583954e9b2f3498a758dbc77
SHA256: b3190ef77cf9a0172a9f5984fdfda575a670e0d820098edb875a03180884ad5e
SHA512: 84b0cc8ce8de1664d242a585722161cdb10d94dd52718a67109d24ba0b57e83625f4a8dc4ea4307ae9ee214256433c0f98b20c5079b39ba373b84384a8c892a1
SSDEEP: 48:6DOdd5YVOiFVE/y/sqwokyJyi0pB+BDq9J5S9:piFVE/y6okJtB+FqX5S9
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                          pid   Process       procid_target
PID 2188 wrote to memory of 2004     2188  rundll32.exe  28
PID 2188 wrote to memory of 2004     2188  rundll32.exe  28
PID 2188 wrote to memory of 2004     2188  rundll32.exe  28
PID 2188 wrote to memory of 2004     2188  rundll32.exe  28
PID 2188 wrote to memory of 2004     2188  rundll32.exe  28
PID 2188 wrote to memory of 2004     2188  rundll32.exe  28
PID 2188 wrote to memory of 2004     2188  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3190ef77cf9a0172a9f5984fdfda575a670e0d820098edb875a03180884ad5e.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 2188
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3190ef77cf9a0172a9f5984fdfda575a670e0d820098edb875a03180884ad5e.dll,#1
    PID: 2004