Analysis
- max time kernel: 121s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20240419-en
- resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
- submitted: 28/06/2024, 13:25
Behavioral task: behavioral1
- Sample: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Resource: win7-20240419-en
Behavioral task: behavioral2
- Sample: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Resource: win10v2004-20240508-en
General
- Target: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll
- Size: 13.2MB
- MD5: f4c06995470f34390e9090a2c7a3fc95
- SHA1: a0fe4f9551ebdaa5e7e983e583eefd4a2d0cef92
- SHA256: 3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251
- SHA512: 7484fb4154cf5eb6715bbe43f020508662d1c244dc02ad662f2f15a8e4fe7f76c5a07b84a7d4de9d43e800ab23c9b5cb6de9d14f57a3365679ebb5603ca5ecce
- SSDEEP: 196608:1b2mHsvktiRxL2FSmXfsCkLZopUrt3iyOAaCxq7sNvD1IaeOZiG6BrKl9i:l2mvgL2zEaa1iyOAlvSxOEGmr
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | 28 |
| PID 2424 wrote to memory of 2056 | 2424 | rundll32.exe | 28 |
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll,#11
  PID: 2424
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\3839d7830dd1c7d7ef066d6968a9572fb9514d58c402269d3d50870e72148251.dll,#12
    PID: 2056