Analysis
- max time kernel: 140s
- max time network: 118s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 10/04/2024, 11:46
Behavioral task: behavioral1
- Sample: 6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131.dll
- Resource: win10v2004-20240226-en
General
- Target: 6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131.dll
- Size: 743KB
- MD5: 39e9973602915b568e471c662003f6ad
- SHA1: 10d7b6bfdf7af1b7121970948c2f9f8ee9bdd0b7
- SHA256: 6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131
- SHA512: 46e0d8511931ca5905e012c029d7f14fd5aa958fb6e08e9d0b06c8edab0e66dcd0f99b2f6d34f161bb6f44bbe111606c8696d6ac78afe39509badd52b971d199
- SSDEEP: 12288:LK/B5QF5BV3wW9uD/mhCQFhvLulYMoGoPMP7ki0sD7VojMOVMl36W/8M:aB5QzB2W9xhzulYMoGoU7nD7VtOVMM4
Malware Config
Signatures
- resource | yara_rule
  behavioral1/memory/3020-1-0x0000000074370000-0x0000000074742000-memory.dmp | upx
  behavioral1/memory/3020-2-0x0000000074370000-0x0000000074742000-memory.dmp | upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 3020 wrote to memory of 1992 | 3020 | rundll32.exe | 28
  PID 3020 wrote to memory of 1992 | 3020 | rundll32.exe | 28
  PID 3020 wrote to memory of 1992 | 3020 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f76d29b00e83d8fef479e9e261e4fe8f98db387c15d8d8bfebbe03b898c0131.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 3020
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3020 -s 244
    PID: 1992