Analysis
max time kernel: 7s
max time network: 0s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 06/08/2024, 10:26
Static task: static1
Behavioral task: behavioral1
Sample: 3012-2-0x00000000001B0000-0x00000000001BB000-memory.dmp
Resource: win7-20240705-en
3 signatures
1800 seconds
General
Target: 3012-2-0x00000000001B0000-0x00000000001BB000-memory.dmp
Size: 44KB
MD5: 7b8bd857af5ac84f7f6d23f6bce86c81
SHA1: db516885937bdc3a5d85cdc97bd4f52d3a3b0f97
SHA256: 68ee5369614b9f4faeb2be046f6ad0fa1ce9b05a9514702927b17dad512f5837
SHA512: 312608ff0b741bebac74c4ec83962b51a8dfe3b451b5cf8e2bfaba6791e6baf96ba5ffa6bc177117b1b798d5e46932d04c1b0149ff5f6e528a06bdfab4d5cf55
SSDEEP: 768:3Nb3bVNQ1rG+Sx0ruYuNyscK+2Ohm7rDtHqnZzl1xP5SusjSLun9hQ++Kd:3lrE5G+Sx0Bz4vxkzHxP5Nsj8khQ+v
Score: 3/10
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (1 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-2172136094-3310281978-782691160-1000_Classes\Local Settings | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 1148 wrote to memory of 1284 | 1148 | cmd.exe | 30
  PID 1148 wrote to memory of 1284 | 1148 | cmd.exe | 30
  PID 1148 wrote to memory of 1284 | 1148 | cmd.exe | 30
Processes
- C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\3012-2-0x00000000001B0000-0x00000000001BB000-memory.dmp
  Signatures: Suspicious use of WriteProcessMemory
  PID: 1148
  - C:\Windows\system32\rundll32.exe
    Command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\3012-2-0x00000000001B0000-0x00000000001BB000-memory.dmp
    Signatures: Modifies registry class
    PID: 1284