Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240611-en
- resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
- submitted: 16/06/2024, 03:48
Static task
- static1
Behavioral task
- behavioral1
  Sample: e507c37ab5e5652ab54cf67749fcdb412320dbf93f22b939bee9d1f7cb87d26e.dll
  Resource: win7-20240611-en
Behavioral task
- behavioral2
  Sample: e507c37ab5e5652ab54cf67749fcdb412320dbf93f22b939bee9d1f7cb87d26e.dll
  Resource: win10v2004-20240611-en
General
- Target: e507c37ab5e5652ab54cf67749fcdb412320dbf93f22b939bee9d1f7cb87d26e.dll
- Size: 395KB
- MD5: 36e4f8761880dfc8f3cb652c2de09b62
- SHA1: 3416bea0329ada9564a13e04b128ad8ad4c3c845
- SHA256: e507c37ab5e5652ab54cf67749fcdb412320dbf93f22b939bee9d1f7cb87d26e
- SHA512: d595f46232d5fe4c72166a062605c5f8482b0239dece068f144789fc708c8a0000d99d0de67f5a3213a641f39f151e9aae577c50fc002666cf05bff3e0d25918
- SSDEEP: 6144:rCaq9ubZxqLHZBwm/Y81dXOSH4yju66AnR7NRncR5aTHVXcj9V50DErPAOznM2P:5qo8kc1dXRHvKGc7aT1XcyD4RM
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 1244 wrote to memory of 2396 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 2396 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 2396 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 2396 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 2396 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 2396 | 1244 | rundll32.exe | 28
  PID 1244 wrote to memory of 2396 | 1244 | rundll32.exe | 28
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e507c37ab5e5652ab54cf67749fcdb412320dbf93f22b939bee9d1f7cb87d26e.dll,#1
  PID: 1244
  Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e507c37ab5e5652ab54cf67749fcdb412320dbf93f22b939bee9d1f7cb87d26e.dll,#1
  PID: 2396