Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 10/04/2024, 12:40
Static task: static1

Behavioral task: behavioral1
Sample: 90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33.dll
Resource: win7-20240220-en

Behavioral task: behavioral2
Sample: 90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33.dll
Resource: win10v2004-20240226-en
General
Target: 90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33.dll
Size: 99KB
MD5: fe97c113301e79932b65ce87439d464b
SHA1: 2f9e1236be80dc727d1f3734c9cd81dd7faef7c1
SHA256: 90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33
SHA512: 8f3e545ae4896951329f49d478d86314850a47ac8560705a8372626b7d908c62b589104f0d87720ca32c9eec8b54603c3d7901e7fd1ded5743ce8bad02994d1a
SSDEEP: 3072:IGhjus7+i9nRbA5KUHuGbC6PWzaX+7vDwUYhUjF:IoDCwnRM/h
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process        procid_target
PID 2480 wrote to memory of 2808   2480   rundll32.exe   28
PID 2480 wrote to memory of 2808   2480   rundll32.exe   28
PID 2480 wrote to memory of 2808   2480   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90b0a4c9fe8fd0084a5d50ed781c7c8908f6ade44e5654acffea922e281c6b33.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID: 2480
  C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 2480 -s 842⤵
    PID: 2808