Analysis
- max time kernel: 118s
- max time network: 119s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 24/06/2024, 23:13
Static task: static1
Behavioral task: behavioral1
- Sample: 805dc96bd1e07bff47f3bc2ef9edd06b9939419e5f6a8a458720bef656803ee3.dll
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 805dc96bd1e07bff47f3bc2ef9edd06b9939419e5f6a8a458720bef656803ee3.dll
- Resource: win10v2004-20240508-en
General
- Target: 805dc96bd1e07bff47f3bc2ef9edd06b9939419e5f6a8a458720bef656803ee3.dll
- Size: 5KB
- MD5: 976f609711f36231d0b9690b28b913c9
- SHA1: 0df847ac1c8c0fd4b1165708285ba8e4f5d822e7
- SHA256: 805dc96bd1e07bff47f3bc2ef9edd06b9939419e5f6a8a458720bef656803ee3
- SHA512: 3ce1500dc96aec4f4fc70e6d4153fb98c7aefc627116ffb39bf8caf3be2c84d7544ff03eafb831e5e1468da7b7f910b72d51b358d925dfdb0ac7ffca6aa31105
- SSDEEP: 48:SWkO0IoyTnXz+ihZjoktUdtTYQjfcW1A4JuofTEvYlT50L:ZJTnXzvokSdtRjnAEuofTiGT5U
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

  description                        pid    Process        procid_target
  PID 2332 wrote to memory of 1708   2332   rundll32.exe   28
  PID 2332 wrote to memory of 1708   2332   rundll32.exe   28
  PID 2332 wrote to memory of 1708   2332   rundll32.exe   28
  PID 2332 wrote to memory of 1708   2332   rundll32.exe   28
  PID 2332 wrote to memory of 1708   2332   rundll32.exe   28
  PID 2332 wrote to memory of 1708   2332   rundll32.exe   28
  PID 2332 wrote to memory of 1708   2332   rundll32.exe   28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\805dc96bd1e07bff47f3bc2ef9edd06b9939419e5f6a8a458720bef656803ee3.dll,#1
  PID: 2332
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\805dc96bd1e07bff47f3bc2ef9edd06b9939419e5f6a8a458720bef656803ee3.dll,#1
    PID: 1708