Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 12/05/2024, 14:20
Static task: static1
Behavioral task: behavioral1
  Sample: 646c17f40c0d2f9691f4d169c294e0354757d1c395740f717fdf0e8810319ac5.dll
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 646c17f40c0d2f9691f4d169c294e0354757d1c395740f717fdf0e8810319ac5.dll
  Resource: win10v2004-20240508-en
General
Target: 646c17f40c0d2f9691f4d169c294e0354757d1c395740f717fdf0e8810319ac5.dll
Size: 1.1MB
MD5: 25818f21d110828b80d3dd3bac5e91c8
SHA1: f6748584c4830cdc527700d6cd92131643f10570
SHA256: 646c17f40c0d2f9691f4d169c294e0354757d1c395740f717fdf0e8810319ac5
SHA512: b685537bc86f606cb79cc49c82ed53d2f6d9c5ac70ac635d78d9a3320c82b04afe39352b3d9d70b14fafcdcec5c5a68e6c10de879c1f2b2683f7397d66034c7f
SSDEEP: 12288:/jqUGZXvGq76B5wvwo5XQGqjM4b/Z1DxmPuAhlKyABjvrEH7E:/jqUGZXvn+BIXNGXbyJyrEH7E
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 2552 wrote to memory of 2748 | 2552 | rundll32.exe | 28
PID 2552 wrote to memory of 2748 | 2552 | rundll32.exe | 28
PID 2552 wrote to memory of 2748 | 2552 | rundll32.exe | 28
PID 2552 wrote to memory of 2748 | 2552 | rundll32.exe | 28
PID 2552 wrote to memory of 2748 | 2552 | rundll32.exe | 28
PID 2552 wrote to memory of 2748 | 2552 | rundll32.exe | 28
PID 2552 wrote to memory of 2748 | 2552 | rundll32.exe | 28
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\646c17f40c0d2f9691f4d169c294e0354757d1c395740f717fdf0e8810319ac5.dll,#1
   PID: 2552
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\646c17f40c0d2f9691f4d169c294e0354757d1c395740f717fdf0e8810319ac5.dll,#1
      PID: 2748