Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 20/05/2024, 03:34
Static task: static1
Behavioral task: behavioral1
- Sample: dc024a7765cdda86a42bcd31e8df5b1724aec3bc4498f5dfa5d844c1ceef9e4a.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: dc024a7765cdda86a42bcd31e8df5b1724aec3bc4498f5dfa5d844c1ceef9e4a.dll
- Resource: win10v2004-20240426-en
General
- Target: dc024a7765cdda86a42bcd31e8df5b1724aec3bc4498f5dfa5d844c1ceef9e4a.dll
- Size: 12KB
- MD5: 3715a9e3ce6853de01375459387235f4
- SHA1: d47a171b28a9c465e638b9613f722caaceffff03
- SHA256: dc024a7765cdda86a42bcd31e8df5b1724aec3bc4498f5dfa5d844c1ceef9e4a
- SHA512: dbb45298dddc41befae0d700c91c07aa97a1034f67a627e986617a44f66fa397eecc5550d1f00eb6308fdcc0e7b2b8b05b0100a924b4fb009708cfba5b8dadee
- SSDEEP: 192:Xs+qy10SkZNL7+o9sGczas+5UcQyerU4JUocwvVS500p:XpASkZh+YcWNUccw4JMwE50
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1796 wrote to memory of 348 | 1796 | rundll32.exe | 28
  PID 1796 wrote to memory of 348 | 1796 | rundll32.exe | 28
  PID 1796 wrote to memory of 348 | 1796 | rundll32.exe | 28
  PID 1796 wrote to memory of 348 | 1796 | rundll32.exe | 28
  PID 1796 wrote to memory of 348 | 1796 | rundll32.exe | 28
  PID 1796 wrote to memory of 348 | 1796 | rundll32.exe | 28
  PID 1796 wrote to memory of 348 | 1796 | rundll32.exe | 28
Processes
- Process 1: C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc024a7765cdda86a42bcd31e8df5b1724aec3bc4498f5dfa5d844c1ceef9e4a.dll,#1
  PID: 1796
  Signature: Suspicious use of WriteProcessMemory
- Process 2: C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\dc024a7765cdda86a42bcd31e8df5b1724aec3bc4498f5dfa5d844c1ceef9e4a.dll,#1
  PID: 348