Analysis
- max time kernel: 122s
- max time network: 123s
- platform: windows7_x64
- resource: win7-20240215-en
- resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
- submitted: 20/04/2024, 00:15
Static task: static1
Behavioral task: behavioral1
- Sample: 918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36.dll
- Resource: win7-20240215-en
Behavioral task: behavioral2
- Sample: 918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36.dll
- Resource: win10v2004-20240412-en
General
- Target: 918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36.dll
- Size: 81KB
- MD5: 45e23654a89af90189683bc2ae6c568b
- SHA1: 9cc65602942e0914ed2f129f297ac89bca9624e1
- SHA256: 918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36
- SHA512: 1fd3b53a6ffd2364186541712601ab96a3374594c27e896c0104130ad89afa7bd87963140f288d4290c91f3305063d42f1c1f68a13b559f229620e83c2887be8
- SSDEEP: 1536:PByXv7uWGEqXZKXTadSp7Lxw9zzBPw+NASUSFOj8sWHcdF6+eXq8WT:ev4JKXTx71wnArSsXFpeXq8WT
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2220 wrote to memory of 2720 | 2220 | rundll32.exe | 28
  PID 2220 wrote to memory of 2720 | 2220 | rundll32.exe | 28
  PID 2220 wrote to memory of 2720 | 2220 | rundll32.exe | 28
  PID 2220 wrote to memory of 2720 | 2220 | rundll32.exe | 28
  PID 2220 wrote to memory of 2720 | 2220 | rundll32.exe | 28
  PID 2220 wrote to memory of 2720 | 2220 | rundll32.exe | 28
  PID 2220 wrote to memory of 2720 | 2220 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36.dll,#1
  PID: 2220
  Signature: Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\918fcc7565a6af5e4df4ef6fd9d3046734dd9887d8a4f7171c9af72d359e4f36.dll,#1
  PID: 2720