Analysis
max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 10/06/2024, 12:28
Static task
static1
1 signatures

Behavioral task
behavioral1
Sample: VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll
Resource: win7-20240221-en
2 signatures
150 seconds

Behavioral task
behavioral2
Sample: VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll
Resource: win10v2004-20240426-en
2 signatures
150 seconds
General
Target: VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll
Size: 148KB
MD5: 1b266f23cab5ae881ca35344e86c3ef0
SHA1: 02fd7e7c00c2bea42541ff3043641a4e655d7299
SHA256: a650c4357227b0fd8ba6cd6dc3a9fb0b53812ee8caa79544f419add2b653bdfb
SHA512: 54c5e5418eecb6cb2ad213287cd9211f3cde6cd72b75ec50c499c7f27ec3a737f2ff4c8876359001317f1d8de507a5a24855aba78b0728493b2680b319d6435a
SSDEEP: 3072:IjlVttNwkVCmq+UyCcGuCu/YFzH5h95OEbzk:IJVDNFCuCmLYFzvPOEU
Score: 7/10
Malware Config
Signatures
resource: behavioral1/memory/2884-1-0x00000000001E0000-0x0000000000213000-memory.dmp
yara_rule: upx

Suspicious use of WriteProcessMemory (7 IoCs)
description                          pid    Process        procid_target
PID 2868 wrote to memory of 2884     2868   rundll32.exe   28
PID 2868 wrote to memory of 2884     2868   rundll32.exe   28
PID 2868 wrote to memory of 2884     2868   rundll32.exe   28
PID 2868 wrote to memory of 2884     2868   rundll32.exe   28
PID 2868 wrote to memory of 2884     2868   rundll32.exe   28
PID 2868 wrote to memory of 2884     2868   rundll32.exe   28
PID 2868 wrote to memory of 2884     2868   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2868
  C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll,#1
    PID: 2884