Analysis
max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 20/04/2024, 00:38
Behavioral task: behavioral1
Sample: 9abc5c3eb8255433488dd62e327a6650bae2980837a6952bafb510cf89dae178.dll
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 9abc5c3eb8255433488dd62e327a6650bae2980837a6952bafb510cf89dae178.dll
Resource: win10v2004-20240226-en
General
Target: 9abc5c3eb8255433488dd62e327a6650bae2980837a6952bafb510cf89dae178.dll
Size: 51KB
MD5: 6b95d4a1ccc3961fb84b95c21643fa81
SHA1: 71fd63fa4a7862841924f1cd9a88fb9abaf79538
SHA256: 9abc5c3eb8255433488dd62e327a6650bae2980837a6952bafb510cf89dae178
SHA512: 9a62407c0a5ff92620a7c8167fb0ba4292c4019acaa3bb7534a592a5d92e08d6358ce406eacec69ed95cdcbe032752c4f4a0c1cb3949644088a22ef0428022c4
SSDEEP: 1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoL9JYH5:1dWubF3n9S91BF3fboxJYH5
Malware Config
Signatures
Suspicious behavior: RenamesItself 1 IoCs
pid Process
2676 rundll32.exe
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target
PID 1732 wrote to memory of 2676 1732 rundll32.exe 28
PID 1732 wrote to memory of 2676 1732 rundll32.exe 28
PID 1732 wrote to memory of 2676 1732 rundll32.exe 28
PID 1732 wrote to memory of 2676 1732 rundll32.exe 28
PID 1732 wrote to memory of 2676 1732 rundll32.exe 28
PID 1732 wrote to memory of 2676 1732 rundll32.exe 28
PID 1732 wrote to memory of 2676 1732 rundll32.exe 28
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9abc5c3eb8255433488dd62e327a6650bae2980837a6952bafb510cf89dae178.dll,#11
- Suspicious use of WriteProcessMemory
PID: 1732
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9abc5c3eb8255433488dd62e327a6650bae2980837a6952bafb510cf89dae178.dll,#12
- Suspicious behavior: RenamesItself
PID: 2676