Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 06/06/2024, 00:49
Static task
- static1
Behavioral task
- behavioral1
  Sample: 7425a5de667a0cbb1c9fbb4f88a9ec6fd1cc3dc28de602e4e2b9548a63708f62.dll
  Resource: win7-20240221-en
Behavioral task
- behavioral2
  Sample: 7425a5de667a0cbb1c9fbb4f88a9ec6fd1cc3dc28de602e4e2b9548a63708f62.dll
  Resource: win10v2004-20240508-en
General
- Target: 7425a5de667a0cbb1c9fbb4f88a9ec6fd1cc3dc28de602e4e2b9548a63708f62.dll
- Size: 81KB
- MD5: faee7925db9821d4577261e165e7c7b1
- SHA1: 089bb5ec640992fec2481cdccfcb7daacf260754
- SHA256: 7425a5de667a0cbb1c9fbb4f88a9ec6fd1cc3dc28de602e4e2b9548a63708f62
- SHA512: 89770d34b7de9718ada2b6ea21c970646098c1749230d6b174582907a773141db18f479ca5562c832d11e72b7a43de43de380fa901a668a75578287e492e44f4
- SSDEEP: 1536:equENqqMLa0Je1JZDMZIEdGixRUz+dcWRMcilKUcZUtiVbCF:nw/JuZDkdzRU8cWRQ9cZU+bu
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2968 wrote to memory of 3024 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 3024 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 3024 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 3024 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 3024 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 3024 | 2968 | rundll32.exe | 28
  PID 2968 wrote to memory of 3024 | 2968 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7425a5de667a0cbb1c9fbb4f88a9ec6fd1cc3dc28de602e4e2b9548a63708f62.dll,#1
  PID: 2968
  Signature: Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\7425a5de667a0cbb1c9fbb4f88a9ec6fd1cc3dc28de602e4e2b9548a63708f62.dll,#1
  PID: 3024