Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 120s
max time network: 124s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/04/2024, 12:20
Static task: static1
Behavioral task: behavioral1
  Sample: 85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb.dll
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb.dll
  Resource: win10v2004-20240226-en
General
Target: 85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb.dll
Size: 2.7MB
MD5: 49e8853801554d9de4dd281828094c8a
SHA1: 435b31eab4fb35e5775476a6a791b65cc1ccc6c8
SHA256: 85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb
SHA512: 73ca1f6d4d795636641888fb9f855061e9d4b18ce2e5d0fc27717daac2a81a9ca07f31bbc092fb4c6f88ab52acf94c3bae20e17a7aa025464de1c8b17c253bab
SSDEEP: 49152:fuQk/WN01lN25JGUHn7Af/BQLGtZDdlXheVPUiX0C1H0i9:Vk/Wu1SPMB1QKiX/HD
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                          pid   Process       procid_target
PID 3020 wrote to memory of 2136     3020  rundll32.exe  28
PID 3020 wrote to memory of 2136     3020  rundll32.exe  28
PID 3020 wrote to memory of 2136     3020  rundll32.exe  28
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\85fa43c3f84b31fbe34bf078af5a614612d32282d7b14523610a13944aadaacb.dll,#1
  PID: 3020
  Signatures: Suspicious use of WriteProcessMemory
  C:\Windows\system32\WerFault.exe (child of PID 3020)
    Command line: C:\Windows\system32\WerFault.exe -u -p 3020 -s 144
    PID: 2136