Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02/05/2024, 21:17
Static task: static1
Behavioral task: behavioral1
- Sample: 170f9260cc1daf9639d566015826f8f89c46063762f2e6268d1d12f9d7901745.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 170f9260cc1daf9639d566015826f8f89c46063762f2e6268d1d12f9d7901745.dll
- Resource: win10v2004-20240419-en
General
- Target: 170f9260cc1daf9639d566015826f8f89c46063762f2e6268d1d12f9d7901745.dll
- Size: 2.8MB
- MD5: 7dadea7334dbfe3104f0a9fc49d632ce
- SHA1: 43fdd438d87b5d70822d6c6ea98eb68c94bf94b9
- SHA256: 170f9260cc1daf9639d566015826f8f89c46063762f2e6268d1d12f9d7901745
- SHA512: 65aff553fc7eb9b84905f9aedde01497ab10862715ddd4acfa44bc20db1b9b7e9973cd02c8f5ff36cc1d55a0c26699e30f432ba9cec8fbbd50653003b38e8177
- SSDEEP: 24576:emR9Q6aGFRh/QXr8CGnvEtv7cBK0maYA8JT8hgr6L/cDyDnup9TbaCKc4lqtPb6K:ey9QVGU8/n8tviK/aYAjgmKdbPbtpB1z
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1808 wrote to memory of 2296 | 1808 | rundll32.exe | 28
  PID 1808 wrote to memory of 2296 | 1808 | rundll32.exe | 28
  PID 1808 wrote to memory of 2296 | 1808 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\170f9260cc1daf9639d566015826f8f89c46063762f2e6268d1d12f9d7901745.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 1808
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1808 -s 522
  PID: 2296