Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 18/04/2024, 13:37 UTC
Behavioral task: behavioral1
- Sample: 6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73.dll
- Resource: win7-20240220-en
Behavioral task: behavioral2
- Sample: 6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73.dll
- Resource: win10v2004-20240412-en
General
- Target: 6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73.dll
- Size: 51KB
- MD5: d30d133f09f2702ff95a724cccc2a04e
- SHA1: e0270d9309aeb68f349d1de6a78f0a0b0fefa0f2
- SHA256: 6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73
- SHA512: 1ed306d9dbb8d51ff6c911283a67c831fd6a1086349fbbb6e17439bbc35b7f61fcca6ad2d0e3e61e0e689b2d8f9b6d3f0cbd9a405f3395d263b1539e3c4a08f0
- SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLTJYH5:1dWubF3n9S91BF3fbo3JYH5
Malware Config
(none extracted)
Signatures
- Suspicious behavior: RenamesItself (1 IoC)
  pid: 2920, process: rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description: PID 2856 wrote to memory of 2920; pid: 2856; process: rundll32.exe; procid_target: 28
  (the same entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73.dll,#1
  PID: 2856
  - Suspicious use of WriteProcessMemory
  - child: C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\6540e6240901a8b8bd5ccef8a27a19d3354b2ce2f2b88ba8c621a7a86c207d73.dll,#1
    PID: 2920
    - Suspicious behavior: RenamesItself