Analysis
max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 25/05/2024, 22:13
Static task: static1

Behavioral task: behavioral1
Sample: 5e67e4444e1b85334a37bc395e3b705377d4b825d176b76207416f04d586f5c8.dll
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 5e67e4444e1b85334a37bc395e3b705377d4b825d176b76207416f04d586f5c8.dll
Resource: win10v2004-20240508-en
General
Target: 5e67e4444e1b85334a37bc395e3b705377d4b825d176b76207416f04d586f5c8.dll
Size: 327KB
MD5: 8aaf2b03ef53c6e80107628902108515
SHA1: adc570f0b3f5133d9b8b16932c616ed788317c89
SHA256: 5e67e4444e1b85334a37bc395e3b705377d4b825d176b76207416f04d586f5c8
SHA512: 875711f20ed3dfb93376624fa848c19ac2ff66187127b57e139d7bd46891ab6739f05465ffad3573a7e0a49fcc7cc841909a32a0bb8e6e79efda9b0a51923e41
SSDEEP: 6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid    Process        procid_target
PID 2984 wrote to memory of 2996   2984   rundll32.exe   28
PID 2984 wrote to memory of 2996   2984   rundll32.exe   28
PID 2984 wrote to memory of 2996   2984   rundll32.exe   28
PID 2984 wrote to memory of 2996   2984   rundll32.exe   28
PID 2984 wrote to memory of 2996   2984   rundll32.exe   28
PID 2984 wrote to memory of 2996   2984   rundll32.exe   28
PID 2984 wrote to memory of 2996   2984   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e67e4444e1b85334a37bc395e3b705377d4b825d176b76207416f04d586f5c8.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2984
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e67e4444e1b85334a37bc395e3b705377d4b825d176b76207416f04d586f5c8.dll,#1
    PID: 2996