Analysis
max time kernel: 13s
max time network: 14s
platform: windows7_x64
resource: win7-20240708-en
resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
submitted: 19/07/2024, 00:19
Static task
static1: 1 signatures
Behavioral task
behavioral1: Sample 2ba4a40aa616e83f9cf18e4d6f2c5150N.dll, Resource win7-20240708-en, 1 signatures, 120 seconds
Behavioral task
behavioral2: Sample 2ba4a40aa616e83f9cf18e4d6f2c5150N.dll, Resource win10v2004-20240709-en, 1 signatures, 120 seconds
General
Target: 2ba4a40aa616e83f9cf18e4d6f2c5150N.dll
Size: 7KB
MD5: 2ba4a40aa616e83f9cf18e4d6f2c5150
SHA1: 9f3a9878dc7bb448b7afa0f6b53a7a4efef2f94c
SHA256: 8f8262c05b6d495bcf21c20a272b6ef4fa927b1fd72b9e9d14732527bc17ac56
SHA512: a5586cf63268186af71d4335ed51fdf7045ff65a88cf7bb27ec8a25277f0462dc05ae6c9a0ff35a64904d3bd8f56779fa6c21ea267b8015eb5d30384e7129e62
SSDEEP: 96:z0QR9B6BvAwb/DiSXedzLcVsj5XubaEZw5ai6e8EA/emenn7kT:JR94/bhX1fCai6F/B67kT
Score: 1/10
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 2152 wrote to memory of 2140   2152  rundll32.exe  30
PID 2152 wrote to memory of 2140   2152  rundll32.exe  30
PID 2152 wrote to memory of 2140   2152  rundll32.exe  30
PID 2152 wrote to memory of 2140   2152  rundll32.exe  30
PID 2152 wrote to memory of 2140   2152  rundll32.exe  30
PID 2152 wrote to memory of 2140   2152  rundll32.exe  30
PID 2152 wrote to memory of 2140   2152  rundll32.exe  30
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ba4a40aa616e83f9cf18e4d6f2c5150N.dll,#1
   PID: 2152
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ba4a40aa616e83f9cf18e4d6f2c5150N.dll,#1
      PID: 2140