Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 26/06/2024, 01:15
Static task: static1
Behavioral task: behavioral1
  Sample: 52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8.dll
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8.dll
  Resource: win10v2004-20240611-en
General
Target: 52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8.dll
Size: 1.2MB
MD5: 3855937691751cf581110df9531fe6a1
SHA1: ce9b28416aa86c14e17705dd58835bf721a83980
SHA256: 52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8
SHA512: 842d00f089906f86bcfcc2eae0de8bacebb8f0938d862e5abfa31dfbdc5e0156a8e3c85fd8bf62904e3daa011e1e4735de8ec4d4d3df188ce791bffe8006df62
SSDEEP: 24576:cL3ABX9LWEwCwSW5w3RJPVddDmv80DrvXRugee1yqqK7Ou1klAvAUY17:ce0vwhJMvL/Juqce+kY1
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                         pid    Process        procid_target
PID 2912 wrote to memory of 2704    2912   rundll32.exe   28
PID 2912 wrote to memory of 2704    2912   rundll32.exe   28
PID 2912 wrote to memory of 2704    2912   rundll32.exe   28
PID 2912 wrote to memory of 2704    2912   rundll32.exe   28
PID 2912 wrote to memory of 2704    2912   rundll32.exe   28
PID 2912 wrote to memory of 2704    2912   rundll32.exe   28
PID 2912 wrote to memory of 2704    2912   rundll32.exe   28
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8.dll,#11
  PID: 2912
  Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8.dll,#12
  PID: 2704