Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 26/05/2024, 03:03
Static task: static1
Behavioral task: behavioral1
- Sample: cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf.dll
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf.dll
- Resource: win10v2004-20240508-en
General
- Target: cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf.dll
- Size: 317KB
- MD5: f5ad507b38954e1accd0facf2f0b1301
- SHA1: fb5c121189bab7b4663ba0bac7167e7690a6263a
- SHA256: cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf
- SHA512: d67169aa881c43f0e4e37b833210236e2f325c892142e7bf480ada6e09efb467b0b89613c51e1153b3173fee022d33971cba11db4896d9bb3d55025ad363f345
- SSDEEP: 6144:zmWoza0a1IMVVEb3uqRpwIUV9lMYmFQqZRRphLuVucfb8ehbjN8wS21bKRTw4f3x:zmWQa0a1IMVr9eMqbRzLuVucfb8ehbjH
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 3000 wrote to memory of 2212 | 3000 | rundll32.exe | 28
  PID 3000 wrote to memory of 2212 | 3000 | rundll32.exe | 28
  PID 3000 wrote to memory of 2212 | 3000 | rundll32.exe | 28
  PID 3000 wrote to memory of 2212 | 3000 | rundll32.exe | 28
  PID 3000 wrote to memory of 2212 | 3000 | rundll32.exe | 28
  PID 3000 wrote to memory of 2212 | 3000 | rundll32.exe | 28
  PID 3000 wrote to memory of 2212 | 3000 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe (tree depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf.dll,#1
  PID: 3000
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (tree depth 2)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc4e6938614afdf03bd2a984b6550876cb61f34d0e8edd97b1ff2ef7b43605cf.dll,#1
    PID: 2212