Analysis
- max time kernel: 119s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 14/09/2024, 22:35
Static task
- static1

Behavioral task
- behavioral1
  - Sample: e8206ff782c7a93aec78fa41e540e14931948b8e322d76cdb386797918c29656.dll
  - Resource: win7-20240903-en

Behavioral task
- behavioral2
  - Sample: e8206ff782c7a93aec78fa41e540e14931948b8e322d76cdb386797918c29656.dll
  - Resource: win10v2004-20240802-en
General
- Target: e8206ff782c7a93aec78fa41e540e14931948b8e322d76cdb386797918c29656.dll
- Size: 872KB
- MD5: eb29b2a5651416efba1d57ac27dba36f
- SHA1: e8757008751fa8c4d3ca5736bc9e7ba79833504f
- SHA256: e8206ff782c7a93aec78fa41e540e14931948b8e322d76cdb386797918c29656
- SHA512: a1112e68f8746a3c0719ff86979b463075b3d42f7dbf3bd2af14360b87778d8d00a2be6810d4223fce38ef74ed640a53afa1a6f5bfa7c6824f69d32a6055e73f
- SSDEEP: 24576:nNdScKrbJLEd8rDU64RgyC5hUUU5qxxxxxxxxxxxxxxUxxxxxxxxHJ:LKadcYLR8HUUUsxxxxxxxxxxxxxxUxx9
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of SetWindowsHookEx (3 IoCs)
  pid | Process
  1112 | rundll32.exe
  1112 | rundll32.exe
  1112 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2528 wrote to memory of 1112 | 2528 | rundll32.exe | 30
  (the same entry is listed 7 times in the report)
Processes
- C:\Windows\system32\rundll32.exe (PID 2528)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8206ff782c7a93aec78fa41e540e14931948b8e322d76cdb386797918c29656.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1112)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\e8206ff782c7a93aec78fa41e540e14931948b8e322d76cdb386797918c29656.dll,#1
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx